Skip to Main Content

blogpost

Resources for higher education institutions affected by
COVID-
19

04.24.20

As resources are released to help higher education institutions navigate the rapidly changing landscape, we will add important links and information to this blog post:

Industry resources:
US Department of Education (ED)

Guidance for colleges:

Guidance on leases:
FASB and GASB news: Postponement of the lease accounting standards

We are here to help
Please contact the BerryDunn higher education team if you have any questions, or would like to discuss your specific situation.

Related Industries

Related Services

Consulting

Business Advisory

Organizational and Governance

Related Professionals

Read this if you are in administration at a college or university.

Colleges and universities have been working around the clock to convert their in-person academic programming to online learning and to quickly disburse grant funding to students in line with broad eligibility requirements, all while adjusting to their own new work environments. In the search for funding in a time when many institutions are refunding student payments at unexpected and unprecedented levels, many institutions have found themselves ineligible for the Payroll Protection Program (PPP) offered under the CARES Act if the federal work study students were included in the employee count. In a welcome change, a recent interim final rule issued by the US Small Business Administration (SBA) has been released that will change the eligibility criteria for the emergency relief offered under the PPP. One of the most notable changes in the interim rule will allow colleges and universities to exclude federal work study students in determining their eligibility. 

Student workers have historically counted as employees under SBA programs. This temporary change would provide relief for many small institutions, whose federal work study programs would otherwise drive up their employment pool over the 500 employee threshold and exclude them from participation in the PPP. While federal work study positions fill important roles throughout many campus facilities, this interim final rule recognizes the primary function of a federal work study program is to provide financial aid for students attending school and is incidental to the role of the student on campus. As expected, as these positions are mostly federally funded, the interim final rule excludes these expenditures in determining the available loan amount under the PPP.

These changes are consistent with other areas of existing federal law, as noted in the interim final rule, these workers are already generally exempt from other federal employment requirements, like Federal Unemployment taxes. In order to allow for swift action, the interim final rule is effective immediately upon posting to the federal register.

We’re here to help.
For more information, or if you have questions about your specific situation, please contact the higher education consulting team.

Blog
Federal Work-Study (FWS) excluded from PPP eligibility determination

Editor's note: Read this if you are a leader in higher education.

The Department of Education (ED) has released the first round of guidance to colleges and universities, with more detail to begin issuing much-needed emergency funding grants to students from the Higher Education Emergency Relief Fund (HEERF), provided as part of the CARES Act.

The guidance clarifies a variety of questions about the portion of the funding to be used for emergency financial aid grants to students, most notably:

  • These funds cannot be used to fund room and board refunds.
  • These funds cannot be used to cover overdue student bills at the institution.
  • Only students eligible to participate in Title IV programs may receive emergency financial aid grants. Students who have not filed a FAFSA but who are eligible to file a FAFSA may receive emergency financial aid grants.

A broader summary from NASFAA can be found here.

While not specifically addressed in this guidance, the HEERF has been provided a CFDA number which leads our team to believe there is a good likelihood these funds will be included in some fashion under the Uniform Guidance compliance audits. We urge schools to retain adequate documentation from their decision making process to allow for a compliance audit, should that be required. We anticipate additional guidance on the HEERF will be forthcoming as schools begin to award the grants to students.

Questions?
Please contact Renee Bishop, Sarah Belliveau, or Mark LaPrade. We’re here to help.

Blog
Update from ED on CARES Act grants to students

Editor's note: read this if you are a leader in higher education. 

The Department of Education’s Office of Postsecondary Education posted an Electronic Announcement on April 3, 2020, to provide an update to the policy and operational guidance issued in March as a result of the COVID-19 pandemic national emergency. 

In addition to extending the March 5, 2020 guidance to apply to payment periods or terms beginning between March 5, 2020 and June 1, 2020, the Department has confirmed the temporary closure will not result in loss of institutional eligibility or participation. A few other changes to note:

  • Leaves of absence due to COVID-19-related concerns or limitations (such as interruption of a travel-abroad program) can be requested after the date the leave has begun.
  • Updates to the academic calendar requirements will allow institutions to offer courses on a schedule that would otherwise cause the program to be considered a non-standard term if it allows students to complete the term.
  • Calculated expected family contribution amounts will exclude from income any grants or low-interest loans received by victims of an emergency from a federal or state entity as part of the needs analysis.

One trend that continues to permeate the Department’s guidance is for institutions to document, as contemporaneously as possible, actions taken as a result of COVID-19 (including professional judgment decisions, on a case-by-case basis). 

The Department will be issuing more guidance on the impact of the CARES Act on R2T4 calculations, satisfactory academic progress requirements, the extension of the single audit by the Office of Management and Budget, and the potential impact to future FISAP filings. We highly recommend you read the full announcement as it outlines a wide variety of important details. 

Questions? Please contact Renee Bishop, Sarah Belliveau, or Mark LaPrade. We’re here to help.


 

Blog
COVID-19: Department of Education operational guidance

Not-for-profit board members need to wear many hats for the organization they serve. Every board member begins their term with a different set of skills, often chosen specifically for those unique abilities. As board members, we often assist the organization in raising money and as such, it is important for all members of the board to be fluent in the language of fundraising. Here are some basic definitions you need to know, and the differences between them.

Gifts with donor restriction

While many organizations can use all donations for their operating costs, many donors prefer to specify how―or when―they can use the donation. Gift restrictions come in several forms:

1.    Purpose-restricted gifts are, as their name implies, for a specific use. These can be in response to a request from your organization for that specific purpose or the donor can indicate its purpose when they make the gift. Consider how you solicit gifts from donors to be sure you don’t inadvertently apply restrictions. Not all gifts need to (or even should) be accepted by an organization, so take care in considering if specific restrictions are in line with your mission. 

2.    Time-restricted gifts can come with or without a restricted purpose. You can treat gifts for future periods as revenue today, though the funds would be considered restricted for use until the time restrictions have lapsed. These are often in the form of pledges of gifts for the future, but can also be actual donations provided today for use in coming years.

3.    Some donors prefer the earnings of their gift be available for use, while their actual donation be held in perpetuity. These are often in the form of endowments and specific restrictions may or may not be placed by the donor on the endowment’s earnings. Laws can differ from state-to-state for the treatment of those earnings, but your investment policy should govern the spending from these earnings.

The bottom line? Restricted-purpose gifts must be used for that restricted purpose.

Gifts without restriction are always welcome by organizations. The board has the ability to direct the spending of these gifts, and may designate funds for a future purpose, but unlike gifts with donor restrictions, the board does have the discretion to change their own designations.

Whether raising money or reviewing financial information, understanding fundraising language is key for board members to make the most out of donations. See A CPA’s guide to starting a capital campaign and Accounting 101 for development directors blogs for more information. Have questions or want to learn more? Please contact Emily Parker or Sarah Belliveau.

Blog
The language of fundraising: A primer for NFP board members

As 2018 is about to come to a close, organizations with fiscal year ends after December 15, 2018, are poised to start implementing the new not-for-profit reporting standard. Here are three areas to address before the close of the fiscal year to set your organization up for a smooth and successful transition, and keep in compliance:

  1. Update and approve policies—organizations need to both change certain disclosures and add new ones. The policies in place at the end of the year will be pivotal in creating the framework within which to draft these new disclosures (for example, treatment of board designations, underwater endowments, and liquidity).
  2. Functional expense reporting—if you have not historically reported expenses by natural and functional classification, develop the methodology for cost allocation. If you already have a framework in place, revisit it to determine if this still fits your organization. Finally, determine where you will present this information in the financial statements.
  3. Internal investment costs—be sure you have a methodology to segregate the organization’s internal investment costs such as internal staff time (remember, this is the cost to generate the income, not account for it) and consider the overall disclosure.

While the implementation of the new reporting standard will not be without cost (both internal costs and audit costs), if your organization considers this an opportunity to better tell your story, the end result will be a much more useful financial narrative. Don’t forget to include the BerryDunn implementation whitepaper in your implementation strategy.

We at BerryDunn are helping organizations gain momentum with a personal touch, through our not-for-profit reporting checkup. This checkup includes initial recast of the prior financial statements to the new format, a personalized review of the checklist to identify opportunities for success, and consideration of the footnotes to be updated. Contact me and find out how you can join the list of organizations getting ahead of the new standard.

Blog
Three steps to ace the new not-for-profit reporting standard

With the wind down of the Federal Perkins Loan Program and announcement that the Federal Capital Contribution (FCC) (the federal funds contributed to the loan program over time) will begin to be repaid, higher education institutions must now decide how to handle these outstanding loans. The Department of Education’s (DOE)’s plans to recover their FCC (or “distribution of assets”) in the coming 2018-19 year can be found here, with the Fiscal Operations Report and Application to Participate (FISAP) playing a crucial role in the close-out excess cash calculation. Colleges and universities are now faced with two options:

  1. Continue servicing their loans, refunding future FCC excess cash as loans are repaid
  2. Assigning loans back to the DOE (subject to certain requirements)

Colleges and universities have been evaluating these options since the decision was made to not renew the loan program. There are many considerations when deciding which path to choose:

  • Continuing to service loans has the disadvantage of ongoing administrative costs. While there is potential an administrative cost allowance could be paid to institutions that continue to service loans in the future, legislation would need to be enacted for this to occur.
  • In assigning loans back to the DOE, the institution will lose any Institutional Capital Contribution (ICC).  It is important to note the decision of whether or not to assign loans has not reached “now or never” status. You can assign loans your institution continues to service to the DOE in the future.

NACUBO recently published advisory guidance on the Perkins Loan Program close-out. This guidance provides a broader look at the close-out process, and explores the ramifications of how the two options above can impact alumni relations. The guidance also provides a useful cost/benefit calculation template and sample accounting entries for the close-out process.

Need help or have additional questions? Our experience with Perkins Loan liquidation/closeout can help as you plot a course through the Perkins wind down.

Blog
Winding down the Perkins Loan Program: "Should I stay or should I go?"

NEW UPDATE October 2017:

The Federal Perkins Loan Program expiration date has passed without extension and now the countdown is on for the program wind-down. On October 6, the Department of Education issued a Dear Colleague Letter, GEN-17-10, which provides important wind-down information and indicates the Department will begin collecting the Federal share of institutions’ Perkins Loan Revolving Funds following the submission of the 2019-2020 FISAP (due October 1, 2018) using a similar process to the Excess Liquid Capital currently in place under HEA section 466(c). The Department of Education has promised more information on this process ahead of the October 2018 deadline.

Institutions should be reviewing their portfolios to determine if they will choose to assign their Perkins Loans to the Department or continue servicing their portfolio. Once the loans are assigned, institutions lose all rights to future loan collections, including their institutional share.

Loans that are not assigned to the department should continue to be serviced under Perkins Loan Program regulations until all loans are paid in full, fully retired or assigned to the Department. The process of requiring the distribution of assets from the Perkins Loan Revolving Fund will continue each year based on the annual submission of the FISAP, until all of the Perkins Loans held by the institution have been paid in full, fully retired or assigned to the Department of Education.

An administrative cost allowance cannot be charged against the Perkins Loan Revolving Fund after June 30, 2018.

For those considering liquidation and assignment, the Assignment and Liquidation Guide provides step-by-step instructions through the process, including the required a Perkins closeout audit. We are experienced with the Perkins closeout and stand ready to assist.
 

NEW UPDATE March 30, 2016: 

A new combined Federal Perkins Loan Assignment and Liquidation Guide has been posted. You can see the announcement and links to the updated guide here.

The Federal Perkins Loan Program has expired, effective October 1. While guidance has not yet been issued by the Department of Education in response to program’s expiration, there is a published process for institutions to follow to liquidate a Perkins Loan Revolving Fund.

We'll keep you informed as guidance is issued

BerryDunn’s Higher Education experts are monitoring the situation and assessing the implications for colleges and universities and their loan recipients with outstanding balances.

Need help or have additional questions?

Our experience with Perkins loan liquidation/closeout audits can be of great help to you as you navigate the complexities of closing your Perkins loans. Feel free to contact Renee Bishop, Emily Parker, Mark LaPrade or any of our Higher Education experts.

Blog
New federal perkins loan update

While GASB has been talking about split-interest agreements for a long time (the proposal first released in June of 2015, with GASB Statement No. 81, Irrevocable Split-Interest Agreements released in March of 2016), time is quickly running out for a well-planned implementation. With the effective date looming on the horizon, (statement effective for periods beginning after December 15, 2016 unless early adopted), now is the time to start gathering needed information to record existing agreements under GASB 81.

We have learned from GASB’s not-for-profit FASB cousins that irrevocable agreements are rarely where they should be: in the hands of financial professionals. Compiling these agreements will require participation from many stakeholders. Your finance team will likely have to provide some education to avoid a great deal of confusion when asking the “do we have any irrevocable split-interest agreements?” question.

So, where do you start?

  1. Have you been tracking this information right along, nicely documented in a folder by your desk? Great! Do a quick check of others in your organization to be sure your file is complete and skip steps 2-5.
     
  2. Dig into your general ledger. Have you been receiving regular distributions from a trust? Some of these trust agreements pay out on a quarterly or annual basis and your accounting staff should be able to identify these payors. It may require a quick call to the administrator for the trust agreement to be sure the agreement qualifies under GASB 81.
     
  3. Look to your fundraising professionals. Development departments like to keep track of all types of donations. It helps to quantify their good fundraising work. Be clear about what you need from them. Remember, irrevocable split-interest agreements, often trusts or other legally enforceable agreements, are agreements wherein a donor irrevocably transfers resources to a third party to hold for the benefit of the government and at least one other beneficiary —the “split” in “split-interest agreement”!
     
  4. Keep talking to your fundraising professionals. Many of the split-interest agreements we find are very old, often created well before your current development software was put into place. Do you have old files that track this kind of information? It may require some digging in the paper files. Remember those?
     
  5. All hands on deck. While the finance and fundraising teams are scouring their records, look to others in the organization that might have record of these types of agreements. You know who holds the keys to historical knowledge at your organization, so be sure to include them in your search.

Once the finance department has collected all of the agreements, take one more look to be sure they meet the requirements of GASB 81.“Are they really irrevocable? Or do we just hope they are?” Then you can get down to the business of accounting for them. If you have questions about the accounting for these agreements, please contact me. I would love to chat. And that is irrevocable.

Blog
GASB 81: Five quick steps to irrevocable split-interest agreement success

With the implementation of GASB 72 now in full force, GASB organizations are hard at work drafting their new fair value disclosures. The addition of a fair value hierarchy table in the footnotes will add a bit more thickness to a likely already hefty financial package. With this added material comes valuable information for many financial statement users, including a much better explanation of the valuation approach of assets and liabilities reported at fair value.

Since GASB 72 (formally Fair Value Measurement and Application, effective for financial statement periods beginning after June 15, 2015) comes a few years after a similar FASB implementation, most investment professionals have dealt with the growing pains of the FASB implementation, and are well poised to provide the information necessary for the new fair value disclosures.

However, there are a few other things we have learned from the FASB implementation that can be shared with the GASB financial statement preparers:

  • The unit of account is a big deal. While investments held by organizations may be specific stocks regularly traded on the open market (here’s a tip: these are level 1); there are other investment vehicles where an organization’s investment share represents a portion of a fund that holds all kinds of other investments (level 1? Maybe, maybe not – you will need to dig deeper). The good news is, with these kinds of investments, the organization is disclosing the level within the fair value hierarchy of their investment - the share of the fund. This is not the same as the level of the investments held within the fund. This is an important distinction and should result in much less time and effort in determining the appropriate level for an investment. GASB 72 uses the example of a mutual fund. An organization owns a share of the mutual fund, not the underlying investments, therefore the disclosure requirement is for the share of the mutual fund, not the underlying assets.
  • GASB 72 requires investments measured at net asset value to be reconciling items to the fair value disclosure, but does not require these assets to be listed by level in the table (a recent change to the FASB). Further, a roll forward of level 3 items from year to year was also excluded.
     
  • If you have heard of GASB 72, then likely you have heard of the three levels. The required disclosure includes three categories of valuation to be disclosed (aptly named level 1, level 2 and level 3). With each level, comes more involvement (or even, difficulty) in determining the fair value that is recorded. The new disclosure will make it clearer to the users of the financial statements how fair value is being measured.
     
  • GASB 72 does provide some guidance in determining fair value through the use of one or more of the following valuation approaches: market approach, cost approach, or the income approach. GASB 72 discusses each of these separately, but remember there can be more than one approach, and not all items are measured equally.
  • When you think about fair value, don’t focus solely on the investments, or even only on the assets. Liabilities are in there too! Think of measuring a warranty liability, for example.

We have the advantage of hindsight after the FASB implementation. I have great hope, that as with FASB, after the initial pain of the GASB 72 implementation, once our tables are setup, and a process is in place for identifying levels, our financial statements will be much more transparent, giving us all a clearer picture of the organization.

Please contact Emily Parker if you have questions on the latest GASB updates.

Blog
New fair value disclosures from GASB 72

Read this if your organization, business, or institution is receiving financial assistance as a direct result of the COVID-19 pandemic.

Updated: August 5, 2020

Many for-profit and not-for-profit organizations are receiving financial assistance as a direct result of the COVID-19 pandemic. While there has been some guidance, there are still many unanswered questions. One unanswered question has been whether or not any of this financial assistance will be subject to the Single Audit Act. Good news―there’s finally some guidance:

  • For organizations receiving financial assistance through the Small Business Administration (SBA) Payroll Protection Program (PPP), the SBA made the determination that financial assistance is not subject to the Single Audit.
  • The other common type of financial assistance through the SBA is the Emergency Injury Disaster Loan (EIDL) program. The SBA has made the determination that as these are direct loans with the federal government, they will be subject to the Single Audit. 

It is unlikely there will be guidance within the 2020 Office of Management and Budget (OMB) Compliance Supplement related to testing the EIDL program, as the Compliance Supplement anticipated in June 2020 will not have any specific information relative to COVID-19. The OMB announced they will likely be issuing an addendum to the June supplement information specific to COVID-19 by September 2020.

Small- and medium-sized for-profit organizations, and now not-for-profit organizations, are able to access funds through the Main Street Lending Program, which is comprised of the Main Street New Loan Facility, the Main Street Priority Loan Facility, the Main Street Expanded Loan Facility, the Nonprofit Organization New Loan Facility, and the Nonprofit Organization Expanded Loan Facility. We do not currently know how, or if, the Single Audit Act will apply to these loans. Term sheets and frequently asked questions can be accessed on the Federal Reserve web page for the Main Street Lending Program.

Not-for-profits have also received additional financial assistance to help during the COVID-19 pandemic, through Medicare and Medicaid, and through the Higher Education Emergency Relief Fund (HEERF). While no definitive guidance has been received, HEERF funds, which are distributed through the Department of Education’s Education Stabilization Fund, have been assigned numbers in the Catalog of Federal Domestic Assistance, which seems to indicate they will be subject to audit. We are currently awaiting guidance if these programs will be subject to the Single Audit Act and will update this blog as that information becomes available.

Healthcare providers are able to access Provider Relief Funds (PRF) through the US Department of Health & Human Services. PRF help with healthcare-related expenses or lost revenue attributable to COVID-19. Guidance on what qualifies as a healthcare-related expense or lost revenue is still in process, and regular updates are posted on the FAQs of the US Department of Health & Human Services website. According to the Health Resources and Services Administration (HRSA), PRF funds will be subject to the Single Audit Act requirements. It is important to note that while an organization may have received funds exceeding the threshold, it is the expenditure of these funds that counts toward the Single Audit threshold.

If you have questions about accounting for, or reporting on, funds that you have received as a result of the COVID-19 pandemic, please contact a member of our Single Audit Team. We’re here to help.

Blog
COVID-19: Single audit and uniform guidance clarifications

Read this if your organization, business, or institution is receiving financial assistance as a direct result of the COVID-19 pandemic.

Updated: August 5, 2020

We expect to receive guidance on how to determine what qualifies as lost revenue in mid-August, and will post additional information when that becomes available. If you would like the information sent to you directly, please contact Grant Ballantyne.

New information continues to surface about the reporting requirements of the CARES Act Provider Relief Funds (PRFs). The most recent news published by the Health Resources and Services Administration (HRSA) states the funds will be subject to the Single Audit Act requirements. What does this mean and how does it impact your organization? Here’s a brief synopsis. 

A Single Audit (often referred to as a Uniform Guidance audit) is required when total federal grant expenditures for an organization exceed $750,000 in a fiscal year. It is important to note that while an organization may have received funds exceeding the threshold, it is the expenditure of these funds that counts toward the Single Audit threshold.  

PRFs help with healthcare-related expenses or lost revenue attributable to COVID-19. Guidance on what qualifies as a healthcare-related expense or lost revenue is still in process, and regular updates are posted on the FAQs of the US Department of Health & Human Services website.

You may remember, there were originally quarterly reporting requirements related to PRFs. On June 13, 2020 HHS updated their FAQ document to reflect a change in quarterly reporting requirements related to PRFs. According to the updated language, “Recipients of Provider Relief Fund payments do not need to submit a separate quarterly report to HHS or the Pandemic Response Accountability Committee. HHS will develop a report containing all information necessary for recipients of Provider Relief Fund payments to comply with this provision.”

Organizations that receive more than $150,000 in PRFs must still submit reports to ensure compliance with the conditions of the relief funds, but the content of the reports and dates on which these are due is yet to be determined (as of August 4, 2020). The key distinction to remember here is that this limit is based on total funds received, regardless of whether or not expenditures have been made. 

As more information comes out, we will update our website. At the moment the main takeaways are:

  • Expending $750,000 of combined relief funds and other federal awards will trigger a Single Audit
  • Receiving $150,000 of PRFs will cause reporting requirements, on a to-be-determined basis
  • Tracking PRF expenditures throughout the fiscal year will be essential for the dual purpose of reporting expenditures and accumulating any potential Single Audit support

If you would like to speak with a BerryDunn professional about reporting under the Single Audit Act, please contact a member of our Single Audit Team.

Blog
Provider Relief Funds Single Audit

Read this if you are a business with employees working in states other than their primary work location.

The COVID-19 pandemic has forced many of us to leave our offices to work remotely. For many businesses, that means having employees working from home in another state. As telecommuting become much more prevalent, due to both the pandemic and technological advances, state income tax implications have come to the forefront for businesses that now have a remote workforce and employees that may be working in a state other than their primary work location. 

Bipartisan legislation known as the Remote and Mobile Worker Relief Act of 2020 (S.3995) was introduced in the US Senate on June 18, 2020 to address the state and local tax implications of a temporary or permanent remote workforce. The legislation addresses both income tax nexus for business owners and employer-employee payroll tax responsibilities for a remote workforce. Here are some highlights:

Business income tax responsibility

The legislation would provide a temporary income tax nexus exception for businesses with remote employees in other states due to COVID-19. The exception would relieve companies from having nexus for a covered period, provided they have no other economic connection to the state in question. The covered period begins the date employees began working remotely and ends on either December 31, 2020 or the date on which the employer allows 90% of its permanent workforce to return to their primary work location, whichever date comes first.

The temporary tax nexus exception is welcome news for many business owners and employers, as a recent survey by Bloomberg indicated that three dozen states would normally consider a remote employee as a nexus trigger. Additional nexus would certainly add further income tax compliance requirements and potentially additional tax liabilities, complications that no businesses need in this already challenging environment.

Employee and employer tax responsibility

The tax implications for telecommuting vary wildly from state to state and most have not addressed how current laws would be adjusted or enforced due to the current environment. For example, New York implements a “convenience of the employer” rule. So if an out-of-state business has an employee working from home in New York, whether or not those wages are subject to New York state income tax depends on the purpose for the telecommuting arrangement. 

New York’s policy is problematic in the current environment. Arguments could be made that the employee is working for home at their convenience, at the employer’s convenience, or due to a government mandate. It is unclear which circumstance would prevail and as of this writing, New York has not addressed how this rule would apply.

If enacted, the Remote and Mobile Worker Relief Act would restrict a state’s authority to tax wage income earned by employees for performing duties in other states. The legislation would create a 90-day threshold for determining nonresident income tax liability for calendar year 2020, enhancing a bill in the House which proposes a 30-day threshold.

The 90-day threshold applies specifically to instances where the employee work arrangement is different due to the COVID-19 pandemic. For future years, the bill would put in place a standardized 30-day bright-line test, making it easier for employees to know when they are liable for non-resident state income taxes and for employers to know which states they need to withhold payroll taxes. 

What do you need to do?

With or without legislation, the year-end income tax filings and information gathering will be very different for tax year 2020. It’s more important than ever for business owners to have proper record keeping on where their employees are working on a day-to-day basis. This information is crucial in determining potential tax exposure and identifying a strategy to mitigate it. The Remote and Mobile Worker Relief Act would provide needed guidance and restore some sense of tax compliance normalcy.

If you would like more information, or have a question about your specific situation, please contact your BerryDunn tax consultant. We’re here to help.
 

Blog
The remote worker during COVID-19: Tax nexus and the new normal

Read this if your organization, business, or institution has leases and you’ve been eagerly awaiting and planning for the implementation of the new lease standards.

Ready? Set? Not yet. As we have prepared for and experienced delays related to Financial Accounting Standards Board (FASB) Accounting Standards Codification Topic 842, Leases, and Governmental Accounting Standards Board (GASB) Statement No. 87, Leases, we thought the time had finally come for implementation. With the challenges that COVID-19 has brought to everyone, the FASB and GASB recognize the significant impact COVID-19 has had on commercial businesses, state and local governments, and not-for-profits and both have proposed delays in effective dates for various accounting standards, including both lease standards.

But wait, there’s more! In response to feedback FASB received during the comment period for the lease standard, the revenue recognition standard has also been extended. We didn’t see that coming, and expect that many organizations that didn’t opt for early adoption will breathe a collective sigh of relief.

FASB details and a deeper dive

On May 20, 2020, FASB voted to delay the effective date of the lease standard and the revenue recognition standard. A formal Accounting Standards Update (ASU) summarizing these changes will be released early June. Here’s what we know now:

  • Revenue recognition―for entities that have not yet issued financial statements, the effective date of the application of FASB Accounting Standards Codification (ASC) Topic 606, Revenue Recognition, has been delayed by 12 months (effective for reporting periods beginning after December 15, 2019). This does not apply to public entities or nonpublic entities that are conduit debt obligors who previously adopted this guidance.
  • Leases―for entities that have not yet adopted the guidance from ASC 842, Leases, the effective date has been extended by 12 months (effective for reporting periods beginning after December 15, 2021).
  • Early adoption of either standard is still allowed.

FASB has also provided clarity on lease concessions that are highlighted in Topic 842. 

We recognize many lessors are making concessions due to the pandemic. Under current guidance in Topics 840 and 842, changes to lease contracts that were not included in the original lease are generally accounted for as lease modifications and, therefore, a separate contract. This would require remeasurement of the new lease contract and related right-of-use asset. 

FASB recognized this issue and has published a FASB Staff Questions and Answers (Q&A) Document, Topic 842 and Topic 840: Accounting for Lease Concessions Related to the Effects of the COVID-19 Pandemic. Under this new guidance, if lease concessions are made relating to COVID-19, entities do not need to analyze each contract to determine if a new contract has been entered into, and will have the option to apply, or not to apply, the lease modification provisions of Topics 840 and 842.

GASB details

On May 8, 2020, GASB issued Statement No. 95, Postponement of the Effective Dates of Certain Authoritative Guidance. GASB 95 extends the implementation dates of several pronouncements including:
•    Statement No. 84, Fiduciary Activities―extended by 12 months (effective for reporting periods beginning after December 15, 2019)
•    Statement No. 87, Leases―extended by 18 months (effective for reporting periods beginning after June 15, 2021)

More information

If you have questions, please contact a member of our financial statement audit team. For other COVID-19 related resources, please refer to BerryDunn’s COVID-19 Resources Page.
 

Blog
May 2020 accounting standard delay status: GASB and FASB

Read this if your organization is required to perform physician time studies.

Currently hospitals allocate physician compensation costs to Part A (provider) and Part B (professional/patient) time based on either time studies or allocation agreements. The basic instructions for periodic time studies are that they must be based on the following criteria:

  1. One full week per month of the cost reporting period
  2. Based on a full work week
  3. Use three weeks from the first week of the month, three weeks from the second week of the month, three weeks from the third week of the month and three weeks from the fourth week of the month
  4. Consecutive months cannot use the same week of the month

Per a CMS Special Edition of mlnconnects published May 15, 2020, during the COVID-19 Public Health Emergency (PHE) CMS has made the following time study options available to hospitals as follows:

  • A one-week time study every six months (two weeks per year);
  • Time studies completed prior to January 27, 2020 (the PHE effective date) for the applicable cost report period can be used with no time studies needed for 1/27/2020 – 6/30/2020; or
  • Time studies for the same period in CY 2019 (e.g., if unable to complete time studies during February through July 2020, use time studies completed February through July 2019)

If you have any questions regarding the information in this article please contact Ellen Donahue.

Blog
Physician Time Studies during the COVID-19 Public Health Emergency

Read this if you are planning for, or are in the process of implementing a new software solution.

User Acceptance Testing (UAT) is more than just another step in the implementation of a software solution. It can verify system functionality, increase the opportunity for a successful project, and create additional training opportunities for your team to adapt to the new software quickly. Independent verification through a structured user acceptance plan is essential for a smooth transition from a development environment to a production environment. 

Verification of functionality

The primary purpose of UAT is to verify that a system is ready to go live. Much of UAT is like performing a pre-flight checklist on an aircraft. Wings... check, engines... check, tires... check. A structured approach to UAT can verify that everything is working prior to rolling out a new software system for everyone to use. 

To hold vendors accountable for their contractual obligations, we recommend an agency test each functional and technical requirement identified in the statement of work portion of their contract. 

It is also recommended that the agency verify the functional and technical requirements that the vendor replied positivity to in the RFP for the system you are implementing. 

Easing the transition to a new software

Operational change management (OCM) is a term that describes a methodology for making the switch to a new software solution. Think of implementing a new software solution like learning a new language. For some employees, the legacy software solution is the only way they know how to do their job. Like learning a new language, changing the way business and learning a new software can be a challenging and scary task. The benefits outweigh the anxiety associated with learning a new language. You can communicate with a broader group of people, and maybe even travel the world! This is also true for learning a new software solution; there are new and exciting ways to perform your job.

Throughout all organizations there will be some employees resistant to change. Getting those employees involved in UAT can help. By involving them in testing the new system and providing feedback prior to implementation, they will feel ownership and be less likely to resist the change. In our experience, some of the most resistant employees, once involved in the process, become the biggest champions of the new system.  

Training and testing for better results

On top of the OCM and verification benefits a structured UAT can accomplish, UAT can be a great training opportunity. An agency needs to be able to perform actions of the tested functionality. For example, if an agency is testing a software’s ability to import a document, then a tester needs to be trained on how to do that task. By performing this task, the tester learns how to login to the software, navigate the software, and perform tasks that the end user will be accomplishing in their daily use of the new software. 

Effective UAT and change management

We have observed agencies that have installed software that was either not fully configured or the final product was not what was expected when the project started. The only way to know that software works how you want is to test it using business-driven scenarios. BerryDunn has developed a UAT process, customizable to each client, which includes a UAT tracking tool. This process and related tool helps to ensure that we inspect each item and develop steps to resolve issues when the software doesn’t function as expected. 

We also incorporate change management into all aspects of a project and find that the UAT process is the optimal time to do so. Following established and proven approaches for change management during UAT is another opportunity to optimize implementation of a new software solution. 

By building a structured approach to UAT, you can enjoy additional benefits, as additional training and OCM benefits can make the difference between forming a positive or a negative reaction to the new software. By conducting a structured and thorough UAT, you can help your users gain confidence in the process, and increase adoption of the new software. 

Please contact the team if you have specific questions relating to your specific needs, or to see how we can help your agency validate the new system’s functionality and reduce resistance to the software. We’re here to help.   
 

Blog
User Acceptance Testing: A plan for successful software implementation

The BerryDunn Recovery Advisory Team has compiled this guide to COVID-19 consulting resources for state and local government agencies and higher education institutions.

We have provided a list of our consulting services related to data analysis, CARES Act funding and procurement, and legislation and policy implementation. Many of these services can be procured via the NASPO ValuePoint Procurement Acquisition Support Services contract.

READ THE GUIDE NOW

We're here to help.
If you have any questions, please contact us at info@berrydunn.com

Blog
COVID-19 consulting resources

Read this if you are a CIO, CFO, Provost, or President at a higher education institution.

In my conversations with CIO friends over the past weeks, it is obvious that the COVID-19 pandemic has forced a lot of change for institutions. Information technology is the underlying foundation for supporting much of this change, and as such, IT leaders face a variety of new demands now and into the future. Here are important considerations going forward.

Swift impact to IT and rapid response

The COVID-19 pandemic has had a significant impact on higher education. At the onset of this pandemic, institutions found themselves quickly pivoting to work from home (WFH), moving to remote campus operations, remote instruction within a few weeks, and in some cases, a few days. Most CIOs I spoke with indicated that they were prepared, to some extent, thanks to Cloud services and online class offerings already in place—it was mostly a matter of scaling the services across the entire campus and being prepared for returning students and faculty on the heels of an extended spring break.

Services that were not in place required creative and rapid deployment to meet the new demand. For example, one CIO mentioned the capability to have staff accept calls from home. The need for softphones to accommodate student service and helpdesk calls at staff homes required rapid purchase, deployment, and training.

Most institutions have laptop loan programs in place but not scaled to the size needed during this pandemic. Students who choose to attend college on campus are now forced to attend school from home and may not have the technology they need. The need for laptop loans increased significantly. Some institutions purchased and shipped laptops directly to students’ homes. 

CIO insights about people

CIOs shared seeing positive outcomes with their staff. Almost all of the CIOs I spoke with mentioned how the pandemic has spawned creativity and problem solving across their organizations. In some cases, past staffing challenges were put on hold as managers and staff have stepped up and engaged constructively. Some other positive changes shared by CIOs:

  • Communication has improved—a more intentional exchange, a greater sense of urgency, and problem solving have created opportunities for staff to get engaged during video calls.
  • Teams focusing on high priority initiatives and fewer projects have yielded successful results. 
  • People feel a stronger connection with each other because they are uniting behind a common purpose.

Perhaps this has reduced the noise that most staff seem to hear daily about competing priorities and incoming requests that seem to never end.

Key considerations and a framework for IT leaders 

It is too early to fully understand the impact on IT during this phase of the pandemic. However, we are beginning to see budgetary concerns that will impact all institutions in some way. As campuses work to get their budgets settled, cuts could affect most departments—IT included. In light of the increased demand for technology, cuts could be less than anticipated to help ensure critical services and support are uninterrupted. Other future impacts to IT will likely include:

  • Support for a longer term WFH model and hybrid options
  • Opportunities for greater efficiencies and possible collaborative agreements between institutions to reduce costs
  • Increased budgets for online services, licenses, and technologies
  • Need for remote helpdesk support, library services, and staffing
  • Increased training needs for collaborative and instructional software
  • Increased need for change management to help support and engage staff in the new ways of providing services and support
  • Re-evaluation of organizational structure and roles to right-size and refocus positions in a more virtual environment
  • Security and risk management implications with remote workers
    • Accessibility to systems and classes 

IT leaders should examine these potential changes over the next three to nine months using a phased approach. The diagram below describes two phases of impact and areas of focus for consideration. 

Higher Education IT Leadership Phases

As IT leaders continue to support their institutions through these phases, focusing on meeting the needs of faculty, staff, and students will be key in the success of their institutions. Over time, as IT leaders move from surviving to thriving, they will have opportunities to be strategic and create new ways of supporting teaching and learning. While it remains to be seen what the future holds, change is here. 

How prepared are you to support your institution? 

If we can help you navigate through these phases, have perspective to share, or any questions, please contact us. We’re here to help.

Blog
COVID-19: Key considerations for IT leaders in Higher Ed

Read this if you are a CFO, CEO, COO, or CLO at a financial institution.

The preparation of financial statements by financial institutions involves a number of accounting estimates, some of which can be quite complex. As these estimates are often a significant focus of audits of those financial statements, financial institution personnel affected by the audit process might benefit from a discussion of the rules auditors need to follow when auditing estimates.

Accounting estimates

Across all industries, there are financial statement items that require a degree of estimation because they cannot be measured precisely. These amounts, called accounting estimates, are determined using a wide array of information available to management. In using such information to arrive at the estimates, a degree of estimation uncertainty exists, which has a direct effect on the risks of material misstatement of the resulting accounting estimates. For financial institutions, common examples of accounting estimates include the allowance for loan losses, valuation of investment securities, allocation of the purchase price in a bank or branch acquisition, and depreciation and amortization of premises and equipment, in addition to intangibles and goodwill. 

For entities other than public companies, the auditing rules are established by the American Institute of Certified Public Accountants’ Auditing Standards Board (ASB). Under these requirements a financial statement auditor has a responsibility to assess the risks of material misstatement for accounting estimates by obtaining an understanding of the following items: 

  • The requirements of generally accepted accounting principles (GAAP) relevant to accounting estimates, including related disclosures. 
  • How management identifies those transactions, events, and conditions that may give rise to the need for accounting estimates to be recognized or disclosed in the financial statements. In obtaining this understanding, the auditor should make inquiries of management about changes in circumstances that may give rise to new, or the need to revise existing, accounting estimates. 
  • How management makes the accounting estimates and the data on which they are based. 

This final item—determining how management has calculated the accounting estimate in question—includes the following specific aspects for the auditor to address:

  • the method(s), including, when applicable, the model, used in making the accounting estimate; 
  • relevant controls; 
  • whether management has used a specialist; 
  • the assumptions underlying the accounting estimates; 
  • whether there has been or ought to have been a change from the prior period in the method(s) or assumption(s) for making the accounting estimates, and if so, why; and 
  • if so, how management has assessed the effects of estimation uncertainty. 

Professional skepticism

When analyzing management’s assessment of the effects of estimation uncertainty, the auditor needs to apply professional skepticism to the accounting estimate by considering whether management considered alternative assumptions, and, if a range of assumptions was reasonable, how they determined the amount chosen was the most appropriate. If estimation uncertainty is determined to be high, this is one indicator to the auditor that estimation uncertainty may pose a significant risk of material misstatement. An identified significant risk requires the auditor to perform a test of controls and/or details during the audit; in other words, analytical procedures and testing performed in previous audits will not suffice. 

CECL considerations

For audits of financial institutions, including those that have implemented the FASB CECL standard as well as those still using the incurred loss method, the allowance for loan losses will likely be deemed a significant risk due to its materiality, estimation uncertainty, complexity, and sensitivity from a user’s perspective.   

Additional factors the auditor needs to consider include whether management performed a sensitivity analysis as part of its consideration of estimation uncertainty as described above, and whether management performed a lookback analysis to evaluate the previous process used. Auditors of accounting estimates are required to do at least a high-level lookback analysis to gain an understanding of any differences between previous estimates and actual results, and to assess the reliability of management’s process. 

Auditing estimate procedures

Procedures for auditing estimates include an evaluation of subsequent events, tests of management’s methodology, tests of controls, and, in some instances, preparation of an independent estimate by the auditor. Tests of management’s method and tests of controls, including auditing the design and implementation of controls, are the most practical and likely procedures to apply to audits of the allowance for loan losses at financial institutions, both under the current guidance and following adoption of the current expected credit loss (CECL) method under Financial Accounting Standards Board (FASB) Accounting Standards Update No. 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. As FASB has not prescribed a specific model, auditors must be prepared to tailor their procedures to address the facts and circumstances in place at each respective financial institution. 

In addition to auditing management’s estimate, auditors have the responsibility to audit related disclosures, including information about management’s methods and the model used, assumptions used in developing the estimate, and any other disclosures required by GAAP or necessary for a fair presentation of the financial statements. Throughout the audit process, auditors need to continue to exercise professional skepticism to consider what could have gone wrong during management’s process and to assess indicators of management bias, if any. 

For public companies, the Public Company Accounting Oversight Board (PCAOB) specifies auditors must evaluate both evidence that corroborates and evidence that contradicts management’s financial statement assertions in order to avoid confirmation bias. When considering the assessment of risks, as risk increases, the level of evidence obtained by the auditor should increase. As with audits of private companies, the auditor needs to consider whether the data is accurate, complete, and sufficiently precise and detailed to be used as audit evidence.

An added consideration under PCAOB rules is that the auditor is typically opining on the institution’s internal controls as well as its financial statements. This may restrict the results of control testing performed by parties independent of the function being tested from being used as audit evidence from a financial statement audit perspective. For financial institutions, this is often the case with independent loan review, since the loan review is considered part of the institution’s internal control upon which the auditor is opining. 

Supporting evidence

As with the incurred loss method, PCAOB auditing standards will require the auditor consider how much evidence is necessary to support the allowance for loan losses under CECL. All significant components of management’s allowance for loan losses estimate, including qualitative factors, will need to be supported by institution-specific data. If such data is unavailable (for example, because the institution introduces a new type of loan offering), the FASB standard indicates appropriate peer data may be acceptable. In such cases, management and the auditor may need to understand the controls in place at the vendor providing the peer data to determine its reliability. You may provide this information in the form of System and Organization Controls (commonly know as SOC1) reports of the vendor’s system.  

Recently, the International Auditing and Assurance Standards Board revised its auditing rules for estimates, with a goal of enhancing guidance regarding application of the basic audit risk model in the context of auditing estimates. The revised rules require that auditors must separately assess inherent and control risk when obtaining an understanding of controls, identifying and assessing risks, and designing and performing further audit procedures. The ASB seeks convergence of rules both internationally and domestically, and has therefore proposed changes to its requirements for auditing estimates to align with the IAASB revised rules. The ASB’s proposal on these changes indicated they would be effective beginning with audits of fiscal year ending December 31, 2022; the final effective date will be determined in conjunction with its issuance of the final rules.

The best CECL approach 

The best approach to take? Management should discuss planned changes to estimate the process with your auditors to get their perspective on best practices under CECL. Key areas to review in the discussion include documenting the decision-making process, key players involved, and the resulting review and approval process (especially for changes to methods or assumptions). Always retain copies of your final documentation for auditor review. If you would like more information, or have a specific question about your situation, please contact the team. We’re here to help. 

Blog
CECL: Understand the audit requirements and prepare for what's to come

Read this if you are a tax-exempt organization.

The IRS recently issued proposed regulations (REG-106864-18) related to Internal Revenue Code Section 512(a)(6), which requires tax-exempt entities to calculate unrelated business taxable income (UBTI) separately for each unrelated trade or business carried on by the organization.

For years beginning after December 31, 2017, exempt organizations with more than one unrelated trade or business are no longer permitted to aggregate income and deductions from all unrelated trades or businesses when calculating UBTI. In August 2018, the IRS issued Notice 2018-67, which discussed and solicited comments regarding various issues arising under Code Section 512(a)(6) and set forth interim guidance and transition rules relating to that section. 

The good news
The new proposed regulations expand upon Notice 2018-67 and provide for the following:

  • An exempt organization would identify each of its separate unrelated trades or businesses using the first two digits of the NAICS code that most accurately describes the trade or business. Activities in different geographic areas may be aggregated.
  • The total UBTI of an organization with more than one unrelated trade or business would be the sum of the UBTI computed with respect to each separate unrelated trade or business (subject to the limitation that UBTI with respect to any separate unrelated trade or business cannot be less than zero). 
  • An exempt organization with more than one unrelated trade or business would determine the NOL deduction allowed separately with respect to each of its unrelated trades or businesses.
  • An organization with losses arising in a tax year beginning before January 1, 2018 (pre-2018 NOLs), and with losses arising in a tax year beginning after December 31, 2017 (post-2017 NOLs), would deduct its pre-2018 NOLs from total UBTI before deducting any post-2017 NOLs with regard to a separate unrelated trade or business against the UBTI from such trade or business. 
  • An organization's investment activities would be treated collectively as a separate unrelated trade or business. In general, an organization's investment activities would be limited to its:
     
    1. Qualifying partnership interests
    2. Qualifying S corporation interests
    3. Debt-financed property or properties 

Organizations described in Code Sec. 501(c)(3) are classified as publicly supported charities if they meet certain support tests. The proposed regulations would permit an organization with more than one unrelated trade or business to aggregate its net income and net losses from all of its unrelated business activities for purposes of determining whether the organization is publicly supported. 

The missing news: Unaddressed items from the new guidance
With the changes provided by these proposed regulations we anticipate less complexity and lower compliance costs in applying Code Section 512(a)(6). While this new guidance is considered taxpayer friendly, the IRS still has more work to do. Items not yet addressed include:

  • Allocation of expenses among unrelated trade or businesses and between exempt and non-exempt activities.
  • The ordering rules for applying charitable deductions and NOLs.
  • Net operating losses as changed under the CARES Act.

The IRS is requesting comments on numerous key situations. Until the regulations are finalized, organizations can rely on either these proposed regulations, Notice 2018-67, or a reasonable good-faith interpretation of Code Sections 511-514 considering all the facts and circumstances.
We will keep you informed with the latest developments.

If you have any questions, please contact the not-for-profit consulting team

Blog
IRS unrelated business taxable income update: The good news and the missing news

Editor's note: Read this if you are a leader in higher education.

The Department of Education has released guidance to colleges and universities on how the CARES Act grants to institutions, under the Higher Education Emergency Relief Fund (HEERF), may be used. The guidance comes in the form of answers to frequently asked questions, which we recommend institutions read before accepting the funds. Some key answers included in the document:

  1. A school has to participate in the HEERF funding to be used for grants to students to get the institutional share.
  2. Schools can use these funds to cover the costs of refunds for room and board provided as a result of campus closure.
  3. These funds can be used to make additional emergency financial aid grants to students impacted by campus closure.

We urge schools to retain supporting documentation of the proper use of these funds to allow for a compliance audit, should that be required. 

Questions?
Please contact Renee Bishop, Sarah Belliveau, or Mark LaPrade. We’re here to help.

Blog
The Higher Education Emergency Relief Fund (HEERF): Guidelines

Read this if your organization, business, or institution has leases and you’ve been eagerly awaiting and planning for the implementation of the new lease standards.

Ready? Set? Not yet. As we have prepared for and experienced delays related to Financial Accounting Standards Board (FASB) Accounting Standards Codification Topic 842, Leases, we thought the time had finally come for implementation. With the challenges that COVID-19 has brought to everyone, the FASB recognizes the significant impact COVID-19 has brought to commercial businesses and not-for-profits and is proposing a one-year delay in implementation, as described in this article posted to the Journal of Accountancy: FASB effective date delay proposals to include private company lease accounting.

But what about lease concessions? We all recognize many lessors are making concessions due to the pandemic. Under current guidance in Topics 840 and 842, changes to lease contracts that were not included in the original lease are generally accounted for as lease modifications and, therefore, a separate contract. This would require remeasurement of the new lease contract and related right-of-use asset. FASB recognized this issue and has published a FASB Staff Questions and Answers (Q&A) Document,  Topic 842 and Topic 840: Accounting for Lease Concessions Related to the Effects of the COVID-19 Pandemic. Under this new guidance, if lease concessions are made relating to COVID-19, entities do not need to analyze each contract to determine if a new contract has been entered into, and will have the option to apply, or not to apply, the lease modification provisions of Topics 840 and 842.

Implementation of the lease accounting standard will most likely be delayed for Governmental Accounting Standards Board (GASB) entities as well. On April 15, 2020, the GASB issued an exposure draft that would delay most GASB statements and implementation guides due to be implemented for fiscal years 2019 and later. Most notably, this includes Statement 84, Fiduciary Activities, and Statement 87, Leases. Comments on the proposal will be accepted through April 30, and the board plans to consider a final statement for issuance on May 8. More information may be found in this article from the Journal of Accountancy: GASB proposes postponing effective dates due to pandemic.

More information

Whether you are a FASB or GASB entity, you can expect a delay in the implementation of the lease standard. If you have questions, please contact a member of our financial statement audit team. For other COVID-19 related resources, please refer to BerryDunn’s COVID-19 Resources Page.

Blog
FASB and GASB news: Postponement of the lease accounting standards

Read this if you are a not-for-profit looking to learn more about tax filing deadlines.

State of New Hampshire: If your organization has a December 31 year-end, your annual report filing with the Charitable Trusts Unit and related payment are still due by May 15. If you are not ready to file, you may file Form NHCT-4 for an extension by May 15. If your organization has a June 30 year-end, you may email the State Attorney General to ask for additional time to July 15.

April 24, 2020, UPDATE: Commonwealth of Massachusetts: The Massachusetts Attorney General’s office has extended the Form PC filing requirement. All filing deadlines for annual charities filings for fiscal year 2019 have been extended by six months. This extension is in addition to the automatic six month extension that many not-for-profits receive. In addition, original signatures, photocopies of signatures, and e-signatures (e.g., DocuSign) will be accepted.

On April 9, 2020, the Internal Revenue Service (IRS) issued Notice 2020-23, its third round of tax filing relief guidance, which amplifies relief set forth in previously issued IRS notices providing relief to taxpayers affected by COVID-19. Notice 2020-23 also provides additional time to perform certain other actions. The Notice holds the special distinction of being the first to provide specific relief to not-for-profit organizations with return filing and tax payment obligations due between April 1 and July 15, 2020. The details are highlighted below:

Tax deadline extended to July 15, 2020
The Notice explicitly states that Form 990-T tax payment and filing obligations due during the period between April 1 and July 15 will be automatically extended to July 15, 2020. Additionally, Form 990-PF (and associated tax payments) as well as quarterly Federal estimated tax payments remitted via Form 990-W are also explicitly noted and are granted an extension to July 15.
    
While this is certainly good news, the more eagerly anticipated news is the Notice also includes “Affected Taxpayers” who are required to perform “Specified Time-Sensitive Actions” referenced in Revenue Procedure 2018-58. The Revenue Procedure specifically mentions exempt organizations as “Affected Taxpayers” required to perform “specified time-sensitive actions”—one such action being the filing of Form 990.

In summary (with the combined power of the Notice and Revenue Procedure), any entity with a Form 990, Form 990-EZ, Form 990-PF, Form 990-T, Form 990-W estimated tax filing requirement, Form 1120-POL or Form 4720 filing obligation due between April 1 and July 15, 2020 now have until July 15, 2020 to file. Needless to say this is very welcome news for an industry that like so many others, is being pushed to the brink during this turbulent and difficult time.

Additional extensions
Notice 2020-23 (with reference to Revenue Procedure 2018-58) also extends the due date of certain forms, notices, applications, and other exempt organization activities due between April 1 and July 15, 2020, until July 15, 2020 as noted below: 

  • Community health needs assessments (CHNAs) and Implementation Strategies
  • Application for Recognition of Exemption (Forms 1023 and 1024) 
  • Section 501(h) Elections and Revocations (Form 5768)
  • Information Return of US Persons with Respect to Certain Foreign Corporations (Form 5471)
  • Political Organization Notices and Reports (Forms 8871 and 8872)
  • Notification of Intent to Operate as a Section 501(c)(4) Organization (Form 8976) 

We are here to help
Please contact the BerryDunn not-for-profit tax team if you have any questions, or would like to discuss your specific situation.

Blog
Not-for-profit May 15 tax deadline extended

Read this if you want more information about the Paycheck Protection Program (PPP).

Most likely you have heard of the PPP within the Coronavirus Aid Relief and Economic Security (CARES) Act that was passed into law March 27, 2020. Below, we’ve shared some of the questions we have heard from many of our clients. If you need more information or have questions regarding your specific question, please contact us

Question #1: What was the PPP designed for? 
Answer:
The PPP was designed with the goal of keeping American workers paid and employed. It aims to accomplish this by issuing loans to qualified businesses so that they can continue paying employees and other qualified expenses.

Question #2: Do you or your business qualify for this? 
Answer: There are several considerations when determining whether or not a business qualifies. For more information, see this recent blog post from Seth Webber, which address a number of these considerations. 

Question #3: What should the PPP loan be used to cover in your business?
Answer: The intent of allowable uses includes: (i) payroll costs, including (a) employee salaries, commissions, or similar compensations, (b) group health care benefits, (c) paid vacation, parental, sick, medical, or family leave, (d) allowances for dismissal or separation, (e) retirement benefits, and (f) state or local tax assessed on the compensation on employee;  (ii) payments of interest on any mortgage obligation, but not prepayment or payment of principal amounts; (ii) rent (including rent under a lease agreement); (iv) utilities; and (v) interest on any other debt obligations incurred before February 15, 2020. However, certain payroll costs are excluded, including salaries and wages which annualized amounts would result in compensation over $100,000 and sick and family leave wages for which a credit is allowed under the Families First Coronavirus Response Act.  

Additionally, you should consider the time period your allowable expenses are designated for. The Small Business Administration (SBA), in consultation with the Department of the Treasury (Treasury) issued a list of frequently asked questions (FAQs) and responses to these FAQs as of April 10, 2020, Paycheck Protection Program Loans FAQs. Within these FAQs, Question 20 asked, “The amount of forgiveness of a PPP loan depends on the borrower’s payroll costs over an eight-week period; when does that eight-week period begin?” The SBA and Treasury noted, “The eight-week period begins on the date the lender makes the first disbursement of the PPP loan to the borrower. The lender must make the first disbursement of the loan no later than ten (10) calendar days from the date of loan approval.” 

Question #4: What portion of the loan, if any, can be forgiven?
Answer:
The Treasury Department issued guidance on March 31, 2020 indicating that at least 75% of the forgiven amount should be used for qualified payroll costs. Although the covered period is specified as February 15, 2020 through June 30, 2020, forgiveness amounts of the loan are based on expenses (primarily payroll) during the eight-week period following the receipt of the loan. There are other aspects of the forgiveness provisions that impact the actual amount forgiven, including maintaining or quickly rehiring employees and maintaining salary levels, with the overall forgiveness amount being reduced if full-time headcount declines, or if salaries and wages decrease more than 25%.

Question #5: What about the portion of your loan that is not forgiven?
Answer:
For the portion of loan not forgiven, the life and terms of the residual loan appear favorable. Current guidance indicates a repayment period of two year loan at 1% interest. Included within this is a six-month deferral period on principal repayment. The loan does not require collateral or a personal guarantee.

Question #6: How should you keep track of the funding and allowable costs?
Answer
: Best practice would be to set up a separate banking account. This will allow you to bifurcate the funding source and offset that amount by costs tracked over the covered period directly. This allows you to use other cash reserves and funding sources to meet other expense needs during the covered period. The funds need to be brought over (into that separate banking account) within 10 days of the application being approved.

Question #7: What other resources are available if the PPP is not a good fit for you?
Answer:
There are additional programs available through the Small Business Administration (SBA) including the Economic Injury Disaster Loan (EIDL) program, which features an advance amount (EIDL Emergency Grant) of up to $10,000. Guidance remains outstanding on exact implications of the EIDL Emergency Grant amount with some SBA offices pointing to $1,000 per employee up to a total max of $10,000. This EIDL Emergency Grant does not have to be repaid, but if you subsequently receive funding through the PPP, your forgiveness amount will be reduced by the EIDL Emergency Grant amount. The EIDL program also features a max life of 30 year loan with interest rates of 3.75% and 2.75% for entities that are for-profit and non-profit, respectively. More information on this is detailed in Dave Erb’s recent blog post.

If you do not need to make use of the PPP and EIDL programs, but still face significant downturns in your revenue base, tax relief in the form of the Employee Retention Credit (ERC) may also be an option. The provisions of the ERC within the CARES Act specify eligibility as, an employer that does not participate in the PPP and: (i) a complete or partial shutdown in operations; or (ii) at least a 50% decline in gross receipts, based on quarterly comparison from 2020 to 2019. The ERC allows for a tax credit of 50% of qualified wages (max wages of $10,000 per employee and max credit of $5,000 per employee). For more information on the ERC provisions, see Bill Enck’s blog post.

As developments continue to unfold and changes in guidance continue to emerge, the BerryDunn Recovery Advisory Team can help you stay informed through the BerryDunn COVID-19 Resource Center.

Blog
Paycheck Protection Program: FAQs

Read this if you are a Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Chief Information Officer, or Controller.

While COVID-19 has forced many of us into a remote work environment, we also have to deal with the challenges that come along with it. The stark contrast between an office environment and one that potentially involves working in isolation can be a difficult adjustment. Office kitchen conversations have evolved into conversations with pets, our newest co-workers. A quick, in-person question has now turned into an email, phone, or video call. And job responsibilities expand as we try to not only juggle work but also ensure our children focus on school work―and don’t destroy the house. 

Not only has this forced environment caused social challenges, it has also opened the door for internal control challenges, as  internal controls designed to operate effectively in an office environment may not be ideal for a remote workplace. Even ones that are appropriately designed, may prove to be operating ineffectively in this new environment. Let’s take a look at some internal control challenges, and potential solutions, faced by working in a remote environment.

Establishing a remote control environment

Exercising appropriate tone at the top and establishing appropriate oversight can be challenging with a remote workforce. Ethics and governance policies play an important role in setting clear expectations about workplace behaviors. But, a workforce is much more apt to follow a leadership team’s example rather than a policy. All of those office conversations, even the conversations that are not work related, help set an expectation of appropriate and inappropriate behaviors. These conversations often happen naturally in the office via a quick conversation in passing in the hallway or a late-Friday happy hour with your department. However, these interactions do not naturally occur in a remote workplace. Leadership and department heads should make an active effort to maintain communication with their workforce. Some things to consider:

  • Send out weekly emails to the entire department and possibly more personal, one-on-one videoconferences or phone calls between your department heads or managers and individual members of their teams.
  • These department-wide emails should stress the importance of communication as well as continuing to produce high quality work and maintaining accountability. 
  • One-on-one meetings should be used to check in with employees to ensure their work needs are being met. 

Employees will most likely have many suggestions to improve their new work environment, including suggestions on how to improve communication amongst team members. 

The power of video

Videoconferencing also provides a great opportunity to stay connected. Virtual happy hours simulate an in-person happy hour. This is a great way to check-in with team members and show that, although people are out of sight, they are not out of mind. Town hall-type meetings can also be explored. Your leadership team can solicit open discussion. Agenda items may include office status updates, technological considerations, and an opportunity for employees to openly discuss current challenges due to working in a remote environment. Employees are going to have anxiety about the current environment. These meetings can help put employees at ease.

Risk assessment

Internal control environments are constantly evolving. Employees leave. Software is updated.  Offered services and products change. The list goes on. However, it is unprecedented that an internal control environment has changed so rapidly. Given these unprecedented times, there is potential for higher risk of fraud, internally and externally. Those responsible for designing internal controls (control owners) should reassess your company’s environment. Although internal controls can be designed in a manner in which they operate effectively regardless of the circumstances, it is possible there are unintended changes to processes that have occurred. 

For instance, let’s say the employee responsible for reviewing loan file maintenance changes is now working an alternative work schedule due to personal obligations. This employee does not have the ability to make loan file changes; therefore, segregation of duties has never been an issue. An employee within loan servicing has agreed to take some of the employee’s responsibilities and is now reviewing some of the loan file maintenance changes, which has put this employee in a position to review some of their own changes. 

Furthermore, some internal controls that require employees be at a physical location to operate may also be compromised, such as inventory cycle counts. If these controls are unable to operate, control owners will need to consider the impacts on the affected transaction areas, and if there are compensating controls that can be designed to alleviate some of the control risk.

Control activities

Accounts payable and check signing

The accounts payable and cash disbursement process will most likely be upended as a result of your new remote environment. Bills received through the mail will need to be scanned to the accounts payable clerk for entry into the accounting system. Some offices have designated certain personnel responsible for checking mail on an infrequent basis, for instance, weekly. Check signing may also prove to be a challenge as blank check stock may be inaccessible. Electronic receipt of invoices and signing of checks, as well as the use of wire and ACH transfers, lend themselves as feasible solutions. Email approvals may suffice when multiple signers are needed to approve high dollar disbursements.

Segregation of duties

As mentioned above, it is possible processes have inadvertently changed, exposing certain internal controls to ineffectiveness. Segregation of duties may become difficult as employees shift to alternative work schedules or have other issues. Maintaining segregation of duties should be a top priority for control owners and is something that should be constantly assessed as circumstances change. Challenging times may make segregation of duties difficult and may force you to get creative by requesting employees perform duties they are not otherwise accustomed to performing.

Digital sign-offs

You should also consider the manner in which you document the completion of controls. Control owners should be cautious about the integrity of an employee’s initials simply typed onto a digital document, as any employee can perform this task. Digital signatures, which require an employee to enter credentials prior to signing, enhance the integrity of a sign-off and are often time stamped. Digital signatures may also “lock down” the document, prohibiting any changes to the signed document.

Timely review

Given the circumstances, it is not unreasonable that preparation and review may take longer than under normal circumstances. Even if additional time is granted for the preparation and review of documents, you should consider the implications this has on the transaction class as a whole. The longer it takes to complete a control, the greater the consequences may be if you identify an error. For instance, the impact of an incorrect change to a loan rate index can be substantial if not identified timely. If identified quickly, you can avoid consequences later.

Information and communication

For many companies that have moved from a paper to a digital environment, sharing of information should not be an issue. However, for those that still operate in a mostly paper environment, performing tasks and sharing information with team members may prove to be difficult. And, those without the capability of scanning and sending documents from home could compromise a specific internal control altogether. Being forced to work remotely may be the perfect excuse to move paper processes into a digital format.

Monitoring

Monitoring your internal control environment is of the utmost importance given these significant changes. Frequent conversations should be had with control owners to ensure changes to processes do not render controls ineffective. Identified gaps in internal controls should be addressed proactively. Provide control owners with the opportunity to discuss changes to control processes with Internal Audit or Risk Management so such departments can consider the impact of changes on internal control. This also gives these departments the opportunity to cover any resulting gaps.

Permanent changes

Once the remote workplace requirements end, the effects of working in such an environment will not. There are many benefits and efficiencies to be found in working remotely. As people have now been forced to work in such an environment, they will be more apt to continue to do so. Therefore, let’s take this opportunity to revise processes and internal controls to be “remote workplace” compatible. This will provide a long-lasting impact to your organization far beyond the pandemic. 
 

Blog
How does your control environment look in a remote world?

The COVID-19 emergency has caused CMS (Centers for Medicare & Medicaid Services) to expand eligibility for expedited payments to Medicare providers and suppliers for the duration of the public health emergency.

Accelerated payments have been available to providers/suppliers in the past due to a disruption in claims submission or claims processing, mainly due to natural disasters. Because of the COVID-19 public health emergency, CMS has expanded the accelerated payment program to provide necessary funds to eligible providers/suppliers who submit a request to their Medicare Administrative Contractor (MAC) and meet the required qualifications.

Eligibility requirements―Providers/suppliers who:

  1. Have billed Medicare for claims within 180 days immediately prior to the date of signature on the provider’s/supplier’s request form,
  2. Are not in bankruptcy,
  3. Are not under active medical review or program integrity investigation, and
  4. Do not have any outstanding delinquent Medicare overpayments.

Amount of payment:
Eligible providers/suppliers will request a specific amount for an accelerated payment. Most providers can request up to 100% of the Medicare payment amount for a three-month period. Inpatient acute care hospitals and certain other hospitals can request up to 100% of the Medicare payment amount for a six-month period. Critical access hospitals (CAHs) can request up to 125% of the Medicare payment for a six-month period.

Processing time:
CMS has indicated that MACs will work to review and issue payment within seven calendar days of receiving the request.

Repayment, recoupment, and reconciliation:
Repayment of the accelerated payment begins 120 days after the date of the issuance of the payment.

  • Inpatient acute care hospitals, certain other hospitals, and CAHs have up to one year from the payment date to repay the balance.
  • All other Part A providers and Part B suppliers will have 210 days from the payment date to repay the balance.
  • Providers/suppliers should continue to submit claims as usual after the issuance of the accelerated payment, but recoupment will not begin for 120 days. Full payment will be made on claims during the 120-day period. At the end of the 120-day period, the recoupment process automatically begins. Every claim submitted will be offset from the new claims to repay the accelerated payment. No payment will be made on newly submitted claims and repayment will begin.
  • The majority of hospitals will have up to one year from the date of the accelerated payment to repay the balance. One year after the accelerated payment is made, the MAC will check to determine if there is a remaining balance. If there is an un-recouped balance, the MAC will send a request for repayment which is to be made by direct payment. Part A and Part B providers not subject to the one-year recoupment plan will have up to 210 days for the reconciliation process to begin.
  • For Part A providers who receive Periodic Interim Payments, the accelerated payment reconciliation process will happen at the final cost report process (180 days after the fiscal period closes).

Application:
The MAC for Jurisdiction 6 and Jurisdiction K is NGS (National Government Services). The NGS application for accelerated payment can be found here.

The NGS Hotline telephone number is 1.888.802.3898. Per NGSMedicare.com, representatives are available Monday through Friday during regular business hours.

The MAC will review the application to ensure the eligibility requirements are met. The provider/supplier will be notified of approval or denial by mail or email. If the request is approved, the MAC will issue the accelerated payment within seven calendar days from the request.

Tips for filing the Request for Accelerated/Advance Payment:
The key to determining whether a provider should apply under Part A or Part B is the Medicare Identification number. For hospitals, the majority of funding would originate under Part A based on the CMS Certification Number (CCN) also known as the Provider Transaction Access Number (PTAN). As an example, Maine hospitals have CCN / PTAN numbers that use the following numbering convention "20-XXXX". Part B requests would originate when the provider differs from this convention. In short, everything reported on a cost report or Provider Statistical and Reimbursement report  (PS&R) would fall under Part A for the purpose of this funding. 
 
When funding is approved, the requested amount is compared to a database with amounts calculated by Medicare and provides funding at the lessor of the two amounts. The current form allows the provider to request the maximum payment amount as calculated by CMS or a lesser specified amount.
 
A representative from National Government Services indicated the preference was to receive one request for Part A per hospital. The form provides for attachment of a listing of multiple PTAN and NPI numbers that fall under the organization.

Interest after recoupment period:
On Monday, April 6, 2020, the American Hospital Association (AHA) wrote a letter to the Department of Health and Human Services and CMS requesting the interest rate applied to the repayment of the accelerated/advanced payments be waived or substantially reduced. AHA received clarification from CMS that any remaining balance at the end of the recoupment period is subject to interest. Currently that interest rate is set at 10.25% or the “prevailing rate set by the Treasury Department”. Without relief from CMS, interest will accrue as of the 31st day after the hospital has received a demand letter for the repayment of the remaining balance. The hospital does have 30 days to pay the balance without incurring interest.  

We are here to help
If you have questions or need more information about your specific situation, please contact the hospital consulting team. We’re here to help.

Blog
Medicare Accelerated Payment Program

BerryDunn’s Healthcare/Not-for-Profit Practice Group members have been working closely with our clients as they navigate the effect the COVID-19 pandemic will have on their ability to sustain and advance their missions.

We have collected several of the questions we received, and the answers provided, so that you may also benefit from this information. We will be updating our COVID-19 Resources page regularly. If you have a question you would like to have answered, please contact Sarah Belliveau, Not-for-Profit Practice Area leader, at sbelliveau@berrydunn.com.

The following questions and answers have been compiled into categories: stabilization, cash flow, financial reporting, endowments and investments, employee benefits, and additional considerations.

STABILIZATION
Q: Is all relief focused on small to mid-size organizations? What can larger nonprofit organizations participate in for relief?
A:

We have learned that there is an as-yet-to-be-defined loan program for mid-sized employers between 500-10,000 employees. You can find information in the Loans Available for Nonprofits section (link below) of  the CARES Act as well as on the Independent Sector CARES Act web page, which will be updated regularly.

Q: Should I perform financial modeling so I can understand the impact this will have on my organization? Things are moving so fast, how do I know what federal programs are available to provide assistance?
A:

The first step in developing a short-term model to navigate the next few months is to gain an understanding of the programs available to provide assistance. These resources summarize some information about available programs:

Loans Available for Nonprofits in the CARES Act
Families First Coronavirus Response Act (FFCRA): FAQs for Businesses
CARES Act Tax Provisions for Not-for-Profit Organizations

The next step is to develop scenarios ranging from best case to worst case to analyze the potential impact of revenue and/or cost reductions on the organization. Modeling the various options available to you will help to determine which program is best for your organization. Each program achieves a different objective – for instance:

  • The Paycheck Protection Program can assist in retaining employees in the short term.
  • The Emergency Economic Injury Grants are helpful in covering a small immediate liquidity need.
  • The Small Business Debt Relief Program provides aid to those concerned with making SBA loan payments.

Additionally, consider non-federal options, such as discussing short-term deferrals with your current bank.

Q: How should I create a financial forecast/model for the next year?
A:

If you have the benefit of waiting, this is likely a time period in which it makes sense to delay significant in-depth forecasting efforts, particularly if your business environment is complicated or subject to significantly volatility as a result of recent events. The concern with beginning to model for future periods, outside of the next three-to-six months, is that you’ll be using information that is incomplete and ever-changing. This could lead to snap judgments that are short-term in nature and detrimental to long-term planning and success of your organization. 

With that said, we recognize that delaying this analysis will be unsettling to many CFOs and business managers who need to have a strategy moving forward. In developing this model for next year, consider the following elements of a strong model:

  1. Flexible and dynamic – Allow room for the model to adapt as more information is available and as additional insight is requested by your constituents (board members, department heads, lenders, etc.).
  2. Prioritize – Start with your big-ticket items. These should be the items that drive results for the organization. Determine what your top two to three revenue and expense categories are and focus on wrapping your arms around the future of those. From there, look for other revenue and expense sources that show correlation with one of the big two to three. Using a dynamic model, these should be automatically updated when assumptions on correlated items change. Don’t waste time on items that likely don’t impact decision making. Finally, build consensus on baseline assumptions, whether it be through management or accounting team, the board, or finance committee.
  3. Stress-test – Provide for the reality that your assumptions, and thus model, will be wrong. Develop scenarios that run from best-case to worst-case. Be honest with your assumptions.
  4. Identify levers – As you complete stress-testing, identify your action plan under different circumstances. What are expenditures that can be deferred in a worst-case scenario? What does staffing look like at various levels?
  5. Cash is king – The focus on forecasting and modeling is often on the net income of the organization and the cash flows generated. In a time such as this, the exercise is likely to focus on future liquidity. Remember to consider your non-income and expense items that impact cash flow, such as principal payments on debt service, planned additions to property & equipment, receipts on pledge payments, and others.  
CASH FLOW
Q: How can I alleviate cash flow strain in the near term?
A:

While the House and Senate have reacted quickly to bring needed relief to individuals and businesses across the country, the reality for most is that more will need to be done to stabilize. Operationally, obvious responses in the short term should be to eliminate all nonessential purchasing and maximize the billing and collection functions in accounts receivable. Another option is to utilize or increase an existing line of credit, or establish a new line of credit, to alleviate short term cash flow shortfalls. Organizations with investment portfolios can consider the prudence of increasing the spending draw on those funds. Rather than making a few drastic changes, organizations should take a multi-faceted approach to reduce the strain on cash flow while protecting the long term sustainability of the mission.

Q: How can I increase my organization’s reach to help with disaster relief? If we establish a special purpose fund, what should my organization be thinking about?
A:

Many organizations are looking for ways to increase their direct impact and give funding to individuals or organizations they may not have historically supported. For those who are want to expand their grant or gift making or want to establish a disaster relief fund, there are things to consider when doing so to help protect the organization. The nonprofit experts at Hemenway & Barnes share their thoughts on just how to do that.

FINANCIAL REPORTING
Q: What accounting standards have been delayed or are in the process of being delayed?
A:

FASB:
The $2.2 trillion stimulus package includes a provision that would allow banks the temporary option to delay compliance with the current expected credit losses (CECL) accounting standard. This would be delayed until the earlier end of the fiscal year or the end of the coronavirus national emergency.

GASB:
On March 26, 2020, the Governmental Accounting Standards Board (GASB) announced it has added a project to its current technical agenda to consider postponing all Statement and Implementation Guide provisions with an effective date that begins on or after reporting periods beginning after June 15, 2018. The GASB has received numerous requests from state and local government officials and public accounting firms regarding postponing the upcoming effective dates of pronouncements as these state and local government offices are closed and officials do not have access to the information needed to implement the Statements. Most notably this would include Statement No. 84, Fiduciary Activities, and Statement No. 87, Leases.

The Board plans to consider an Exposure Draft for issuance in April and finalize the guidance in May 2020.

ENDOWMENTS AND INVESTMENTS 
Q: What should I consider with regard to endowments?
A:

Many nonprofits with endowments are considering ways to balance an increased reliance on their investment portfolios with the responsibility to protect and preserve the spending power of donor-restricted gifts. Some things to think about include the existence (or absence) of true restrictions, spending variations under the Uniform Prudent Management of Institutional Funds Act (UPMIFA) applicable in your state, borrowing from an endowment, or requesting from the donor the release of restrictions. All need to be balanced with the intended duration and preservation of the endowment fund. Hemenway & Barnes shares their thoughts relative to the utilization of endowments during this time of need.

EMPLOYEE BENEFITS
Q: We are going to suspend our retirement plan match through June 30, 2020 and I picked a start date of April 1st. What we need help with is our bi-weekly payroll (which is for HOURLY employees). Their next pay date is April 3rd, for time worked through March 28th. Time worked March 29-31 would be paid on April 17th. How should we handle the match during this period for the hourly employees?
A:

The key for determining what to include for the matching calculation is when it is paid, not when it was earned. If the amendment is effective April 1st, then any amounts paid after April 1st would not have matching contributions calculated. This means that the amounts paid on April 3rd would not have any matching contributions calculated.

Q: Can you please provide guidance on the Families First Coronavirus Response Act (FFCRA) and how it may impact my organization?
A:

On March 30th, BerryDunn published a blog post to help answer your questions around the FFCRA.

If you have additional questions, please contact one of our Employee Benefit Plan professionals

ADDITIONAL CONSIDERATIONS
Q: I heard there was going to be an incentive for charitable giving in the new act. What's that all about?
A:

According to Sections 2204 and 2205 of the CARES Act:

  • Up to $300 of charitable contributions can be taken as a deduction in calculating adjusted gross income (AGI) for the 2020 tax year. This will provide a tax benefit even to those who do not itemize.
  • For the 2020 tax year, the tax cap has been lifted for:
    • Individuals-from 60% of AGI to 100%
    • Corporations-annual limit is raised from 10% to 25% (for food donations this is raised from 15% to 25%)
Q: Have you heard if the May 15th tax deadline will be extended?
A:

Unfortunately, we have not heard. As of April 6th, the deadline has not been extended.

Q: Could you please summarize for me the tax provisions in the CARES Act that you think are most applicable to not-for-profits?
A: Absolutely! Our not-for-profit tax professionals have compiled this document, which provides a high-level outline of tax provisions in the CARES Act that we believe would be of interest to our clients.

We are here to help
Please contact the BerryDunn not-for-profit team if you have any questions, or would like to discuss your specific situation.

Blog
COVID-19 FAQs—Not-for-Profit Edition

CARES Act update:

As anticipated, the House of Representatives approved the CARES Act on March 27, 2020, and the President has signed the measure. The provisions highlighted in our prior summary remain intact in the final measure. 

So…how are the emergency relief funds in the legislation accessed by healthcare providers?

  • Public Health & Social Services Emergency Fund (PHSSEF): The guidance on how hospitals will access the $100 billion in PHSSEF funds to offset “COVID-19 related expenses and lost revenue” is expected to be released shortly. Keep an eye on this space for further updates as information becomes available.
  • Medicare Advanced Lump Sum or Periodic Interim Payments: Application is made through the Fiscal Intermediary (FI). It should be noted that healthcare organizations do not qualify if they are in bankruptcy, under active medical review or program integrity investigation, or have outstanding, delinquent Medicare overpayments.
  • SBA Paycheck Protection Program (PPP): This application process begins with your local lender. Do not hesitate—contact your lender immediately as it is anticipated that application volume will be tremendous. For more specifics on this program compiled by BerryDunn experts, visit our blog.

We will continue to provide updates as more information becomes available. In the meantime, please feel free to contact the hospital consulting team. Despite the current circumstances we remain available to support your needs. 


On March 25, 2020 the US Senate unanimously approved the $2 trillion Coronavirus Aid, Relief, and Economic Security (CARES) Act (The “Act”). The White House has signaled that it will sign the measure as approved by the Senate. 

Major provisions of the proposed legislation include:

  • $100 billion for hospital “COVID-19 related expenses and lost revenue”
  • $275 million for rural hospitals, telehealth, poison control centers, and HIV/AIDS programs
  • $250 million for hospital capacity expansion and response
  • $150 million for modifications of existing hospital, nursing home, and “domiciliary facilities” undertaken as part of COVID-19 response

The CARES Act also includes the following targeted relief and payment modifications under the Medicare and Medicaid programs:

  • The Medicare 2% sequester will be suspended from May 1, 2020 through December 31, 2020. 
  • “Through the duration of the COVID-19 emergency period”, the Act will increase by 20% hospital payments for the treatment of patients admitted with COVID-19. The add-on applies to hospitals paid through the Inpatient Prospective Payment System.
  • $4 billion in scheduled cuts to Medicaid Disproportionate Share Hospital payments will be further delayed from May 22, 2020 to November 30, 2020.
  • Certain hospitals, including those designated as rural or frontier, have the option to request up to a six month advanced lump sum or periodic interim payments from Medicare. The payments will:
    1. Be based upon net payments represented by unbilled discharges or unpaid bills,
    2. Equal up to 100% of prior period payments, 125% for Critical Access Hospitals
    3. In terms of paying down the “no interest loans”, hospitals will be given a four month grace period to begin making payments and at least 12 months to fully liquidate the obligation.

Non-financing provisions contained in the Act that will impact hospital operations include:

  • Providing acute care hospitals the option to transfer patients out of their facilities and into alternative care settings to "prioritize resources needed to treat COVID-19 cases." That flexibility will come through the waiver of the Inpatient Rehabilitation Facility (IRF) three-hour rule, which requires patients to need at least three hours of intensive rehabilitation at least five days per week to be admitted to an IRF.
  • Allowing Long-Term Care Hospitals (LTCH) to maintain their designation even if more than 50% of their cases are less intensive and would temporarily pause LTCH site-neutral payments.
  • Suspending scheduled Medicare payment cuts for durable medical equipment during the length of the COVID-19 emergency period, to help patients transition from hospital to home.
  • Disallow Medicare beneficiary cost-sharing payments for any COVID-19 vaccine.
  • Ensuring that uninsured individuals could receive free COVID-19 tests "and related service" through any state Medicaid program that elects to enroll them.

Other emergency-period provisions that directly affect other entities but have implications for hospitals:

  • Affording $150 billion to states, territories, and tribal governments to cover their costs for responding to the coronavirus public health emergency.
  • Physician assistants, nurse practitioners, and other professionals will be allowed to order home health services for Medicare beneficiaries, to increase "beneficiary access to care in the safety of their home."
  • Requiring HHS to clarify guidance encouraging the use of telecommunications systems, including remote patient monitoring, for home health services.
  • Allowing qualified providers to use telehealth technologies to fulfill the hospice face-to-face recertification requirement.
  • Eliminating the requirement that a nephrologist conduct some of the required periodic evaluations of a home-dialysis patient face-to-face.
  • Allowing federally qualified health centers and rural health clinics to serve as a distant site for telehealth consultations.
  • Eliminating the telehealth requirement that physicians or other professionals have treated a patient in the past three years.
  • Allowing high-deductible health plans with a health savings account (HSA) to cover telehealth services before a patient reaches the deductible.
  • Allowing patients to use HSA and flexible spending accounts to buy over-the-counter medical products without a prescription.

For more information
If you have questions or need more information about your specific situation, please contact the hospital consulting team. We’re here to help. 
 

Blog
CARES Act provides hospitals with emergency funding and policy wins

Over the last few weeks, CMS and the President have enacted legislation and released guidance to assist the senior living industry in coping with the impact of COVID-19. We recognize the elderly residents of our country are the most vulnerable population and your days are filled caring for your population’s needs and health. Our senior living professionals have written this article to highlight new regulations impacting the industry and offer practical tips for guarding your facility's financial health through the COVID-19 outbreak.

Amidst rapid hourly changes in contending with the coronavirus and its far-reaching impacts, the way you run your facility has changed. Along with this change comes an increase in expenditures. To ensure that your facility is getting much needed financial relief and being properly reimbursed for the full impact of COVID-19, we recommend tracking your expenditures related to the coronavirus. Expenditures related to COVID-19 go beyond the cost of additional Personal Protective Equipment (PPE), they will likely include additional direct care staffing, along with housekeeping, dietary and laundry staffing, and supplies needed to maintain the heightened level of hygiene required to combat the spread of COVID-19 in your facility.

CMS issues waiver of 3-Day Stay and Spell of Illness
On March 14, Centers for Medicare and Medicaid Services (CMS) issued two waivers to aid skilled nursing facilities in addressing the national COVID-19 outbreak. CMS is waiving both the 3-Day Stay and Spell of Illness requirements. Read the COVID-19 Emergency Declaration.

Key provisions to consider with regard to 3-midnight qualifying stay requirement:

  • The exception applies to traditional Medicare coverage only (Medicare Advantage plans may or may not follow this exception);
  • It is in effect as of March 1, 2020, and will only be in effect while public health emergency is declared;
  • Applies only to beneficiaries affected by the emergency or who experience dislocations;
  • Providers have to document medical necessity and clinical reasons for not meeting 3-midnight requirement, understanding that the intent of this provision is to free up hospital beds and reduce potential risk of exposure to the patient;
  • Providers are to use condition code “DR” on the claims. 

Read additional AHCA clarifications and guidance regarding the waivers of 3-Day Stay and Spell of Illness requirements.

MDS completion and submission waivers
CMS is waiving 42 CFR 483.20 to provide relief to SNFs on the timeframe requirements for Minimum Data Set (MDS) assessments and transmissions. CMS has yet to issue technical guidance on how to implement.

On March 22, 2020, CMS announced temporary administrative burden relief related to Quality Reporting which includes certain SNF-specific changes:

  • Quality Reporting Program (QRP) April/May deadline for 10/1/19 - 12/31/19 data submission is optional for those facilities that have not yet submitted data;
  • Facilities do not need to submit 1/1/20 - 6/30/20 data for purposes of compliance with QRP;
  • CMS will not use any data for the first 2 quarters of 2020, 1/1/20 - 6/30/20, in its calculations;
  • Claims for 1/1/20 - 6/30/20 will be excluded from calculation of all-cause readmission measures that result in value-based purchasing adjustments.

Read the full CMS press release.

Families First Coronavirus Response Act (FFCRA)
On March 18, 2020, the President signed into law, H.R. 6201, the Families First Coronavirus Response Act. The legislation eliminates patient cost-sharing for COVID-19 testing and related services, establishes an emergency paid leave program, and expands unemployment and nutrition assistance. Moreover, the bill provides a temporary 6.2% increase in Federal Medical Assistance Percentages (FMAP) for each calendar quarter occurring during an emergency period.

FMAP is the federal portion of funds for state Medicaid programs. With this temporary increase states can use the increased federal funds for any portion of the state Medicaid program. Due to significant increases in unemployment from business closures, the increase may be used to provide Medicaid coverage for the newly unemployed and uninsured. This would result in less funding for provider rate increases to cover COVID-19 related costs. However, on March 21, 2020, the federal government also announced that it is considering a special enrollment period for Affordable Care Act Health Insurance Exchange coverage. A special enrollment period would offer lower cost coverage to individuals with reduced incomes and could influence how the FMAP increase will be used, possibly resulting in more being allocated to covering provider rates. As of today, it is still unclear how states will use the increased funds.

A table released by AHCA on March 14, 2020, provides estimates of the increase in Federal Medicaid funding from FMAP assuming the increase is in effect January through December 2020. 

There are two provisions of the FFCRA that deal with paid leave provisions for employees. BerryDunn's employee benefits consultants provide insight and clarity on the paid leave provisions for employees.

Prioritization of survey activities
CMS released guidance prioritizing and suspending most federal and state survey agency (SSA) surveys, and delaying revisit surveys, for the next three weeks beginning on March 20, 2020, for all nursing homes. Standard surveys and non-Immediate Jeopardy (IJ) related onsite surveys will be suspended for three weeks. Complaints and facility-reported incidents that are considered at the IJ level will be conducted during this time. Facilities are encouraged to use the CDC developed COVID-19 Focused Survey for Nursing Homes. Get additional CMS guidance

Coronavirus Aid, Relief, and Economic Security (CARES) Act
On March 25, 2020, the US Senate unanimously approved the $2 trillion CARES Act (The “Act”). It is anticipated that the House of Representatives will vote on the Act today, March 27, 2020. The White House has signaled that it will sign the measure as approved by the Senate. 

Major provisions of the proposed legislation include:

  • The Medicare 2% sequester will be temporarily suspended starting in late May 2020. 
  • $150 million for modifications of existing hospital, nursing home, and “domiciliary facilities” undertaken as part of COVID-19 response.
  • $65 million for housing for the elderly and people with disabilities for rental assistance, service coordinators and support services for the more than 114,000 affordable households for the elderly, and more than 30,000 affordable households for low-income people with disabilities.
  • $2.8 million to provide staff treating veterans living at Armed Forces Retirement Homes with the personal protective equipment they need. The funding provides this and other necessary equipment and staffing support to help minimize the spread of the coronavirus among residents.
  • $955 million for the Administration for Community Living to support nutrition programs, home- and community-based services, support for family caregivers, and expand oversight and protections for seniors and individuals with disabilities.
  • $200 million for the Centers for Medicare & Medicaid Services to assist nursing homes with infection control and support states’ efforts to prevent the spread of the coronavirus in nursing homes.

Practical tips for monitoring and maintaining your organization’s financial health 
As we navigate these next few months, facilities will face challenges to maintain the health and safety of their residents and staff as well as the financial health of the organization. Some things you should be doing now:

  • Calculate your working capital and cash position weekly or bi-weekly.
  • Perform cash flow projections for the next few months. Be sure the timing of your cash receipts will cover payroll and supplies expenditures each week. 
  • Contact your lenders to obtain or increase available working capital lines of credit.
  • Ascertain if you can release any investment balances if needed.


We are here to help
Please contact the BerryDunn senior living team if you have any questions, or would like to discuss your specific situation.

Blog
Senior living organizations and COVID-19

In early March 2020, the US Department of Education (ED) issued a Dear Colleague Letter, “Guidance for interruptions of study related to Coronavirus (COVID-19),” posting a subsequent update March 20 to include the document “Frequently Asked Questions Related to COVID-19.” The information below has been excerpted directly from the letter and compiled with the needs of our higher education clients in mind.

This electronic announcement addresses concerns regarding how higher education leaders should comply with Title IV, Higher Education Act (HEA) policies for students whose activities are impacted by the coronavirus and COVID-19:

  • Either directly because the student is ill or quarantined, or 
  • Indirectly because the student was recalled from travel-abroad experiences, can no longer participate in internships or clinical rotations, or attends a campus that has temporarily suspended operations.

This information provides some flexibility for schools working to help students complete the term in which they are currently enrolled. Some of the most important changes to note:

  • Federal Work Study (FWS)
    For students enrolled and performing FWS at a campus that must close due to COVID-19, or for a FWS student who works for an employer that closes as a result of COVID-19, the institution may continue paying the student federal work-study wages during that closure if it occurred after the beginning of the term, the institution is continuing to pay its other employees (including faculty and staff), and the institution continues to meet its institutional wage share requirement.
  • Length of academic year
    If at any point an institution determines it will close as the result of a campus health emergency, it may contact the school participation team to request a temporary reduction in the length of its academic year.
  • Professional judgement
    Financial aid administrators (FAA) have statutory authority to use professional judgement to make adjustments on a case-by-case basis to the cost of attendance or to the data elements used in calculating the EFC to reflect a student’s special circumstances. The use of professional judgement where students and/or their families have been affected by COVID-19 is permitted, such as in the case where an employer closes for a period of time as a result of COVID-19. 
  • Reentering the same payment period
    If an institution that has closed subsequently re-opens during the same payment period or period of enrollment, and permits students to continue coursework that they were taking at the time of the closure, students that return to class at that time are considered to have reentered the same period and retain eligibility for Title IV aid that they were otherwise eligible to receive before the closure.

We highly recommend you read the full letter, as it outlines additional important details and includes recently added FAQ documents.

Questions? Please contact Renee Bishop, Sarah Belliveau, or Mark LaPrade. We’re here to help.

For further reading
Guidance for interruptions of study related to Coronavirus (COVID-19) 
FAQs
COVID-19 ("Coronavirus") Information and Resources for Schools and School Personnel
 

Blog
Guidance from the US Department of Education Dear Colleague Letter

The President signed The Families First Coronavirus Response Act (hereinafter the “Act”) into law on March 18th and the provisions are effective April 2nd. You can read the congressional summary here. There are two provisions of the Act that deal with paid leave provisions for employees. Here are some highlights for employers.

The provisions of the Act are only required for employers with fewer than 500 employees. Employers with over 499 employees are not required to provide the sick/family leave contained in the Act, but could voluntarily elect to follow the new rules. The expectation is that employers with over 499 employees are providing some level of sick/family leave benefits already. In any case, employers with over 499 employees are not eligible for the tax credits. 

Employers with fewer than 500 employees are required to provide employees with up to 80 hours of paid sick leave over a two-week period if the employee:

  • Self-isolates because of a diagnosis with COVID-19, or to comply with a recommendation or order to quarantine;
  • Obtains a medical diagnosis or care if the employee is experiencing COVID-19 symptoms;
  • Needs to care for a family member who is self-isolating due to a COVID-19 diagnosis or quarantining due to COVID-19 symptoms; or
  • Is caring for a child whose school has closed, or childcare provider is unavailable, due to COVID-19.

These rules apply to all employees regardless of the length of time they have worked for the employer. The 80-hours would be pro-rated for those employees who do not normally work a 40-hour week. 

Employees who take leave because they themselves are sick (i.e., the first two bullets above) can receive up to $511 per day, with an aggregate limit of $5,110. If, on the other hand, an employee takes leave to care for a child or other family member (i.e., the last two bullets above), the employee will be paid two-thirds (2/3) of their regular weekly wages up to a maximum of $200 per day, with an aggregate limit of $2,000.

Days when an individual receives pay from their employer (regular wages, sick pay, or other paid time off) or unemployment compensation do not count as leave days for the purposes of this benefit.

Family and Medical Leave Act

Employees who have been employed for at least 30-days also have the right to take up to 12 weeks of job-protected leave under the Family and Medical Leave Act (FMLA). The Act requires that 10 of these 12 weeks (i.e., after the sick leave discussed above is taken) be paid at a rate of no less than two-thirds of the employee’s usual rate of pay. Any leave taken under this portion of the ACT will be limited to $200 per day with an aggregate limit of $10,000.

Exemptions

The Secretary of Labor has the authority to issue regulations exempting: (1) certain healthcare providers and emergency responders from taking leave under the Act; and (2) small businesses with fewer than 50 employees from the requirements of the Act if it would jeopardize the viability of the business.

Expiration

The provisions of the Act are set to expire on December 31, 2020, and unused time will not carry over from one year to the next.

Tax credits 

The Act provides for refundable tax credits to help an employer cover the costs associated with providing paid emergency sick leave or paid FMLA. The tax credits work as follows:

  • A refundable tax credit for employers equal to 100 percent of qualified family leave wages paid under the Act.
  • A refundable tax credit for employers equal to 100 percent of qualified paid sick leave wages paid under the Act. 
  • The tax credits are taken on Form 941 – Employer’s Quarterly Federal Income Tax Return filed for the calendar quarter when the leave is taken and reduce the employer’s portion of the Social Security taxes due. If the credit exceeds the employer’s total liability for Social Security taxes for all employees for any calendar quarter, the excess credit is refundable to the employer.

For more information

We are here to help. Please contact our benefit plan consultants if you have any questions or would like to discuss your specific situation. 

Blog
Highlights of the recently passed paid sick and family leave act: What you need to know

Editor’s note: Read this if you are a Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Chief Information Officer, or Controller.

Last month, the Office of the Comptroller of the Currency (OCC) issued its Semiannual Risk Perspective for Fall 2019. The report addresses key issues facing banks and focuses on those that pose threats to their safety and soundness. According to the report:

  • Bank financial performance is strong due to a favorable credit environment and the longest economic expansion in U.S. history.
  • Capital levels have reached historical highs.
  • Return on equity was above its 2006 pre-crisis level for the first time at 12.7%.
  • Net income grew 8.22% from the same period a year ago; however, net interest income grew only 4%, as loan growth is below historical averages and an increasing number of banks are facing a flat or declining net interest margin.
  • There is continued weakness in residential and commercial real estate loan growth.
  • Delinquent and nonperforming loans remain below their long-term averages.


Banks can thrive even with economic uncertainty

While these trends indicate that 2019 was by and large an excellent year, banks cannot afford to be complacent, as 2019 also saw increasing risks to the industry. For instance, in 2019 there was much discussion of the future cessation of the London InterBank Offer Rate (LIBOR). The OCC has indicated it will increase its regulatory oversight regarding the anticipated cessation, to ensure banks assess their exposure to LIBOR and are appropriately planning their transition from the widely used benchmark rate. The Financial Accounting Standards Board (FASB) is also working on a project to address accounting issues that could arise from the transition from LIBOR.

And, although 2019 continued the longest economic expansion in US history, economic uncertainty exists due to, in part, the US-China trade conflict and ongoing Brexit discussions. This economic uncertainty has caused volatility in the interest rate environment. Aside from the yield curve inverting in 2019, banks also saw the Federal Funds target rate increase 25 basis points prior to decreasing 50 basis points. Given the typically asset-sensitive nature of banks’ balance sheets, the current interest rate environment will also put pressure on net interest margins. The current volatility of interest rates has caused the OCC to conclude interest rate risk is currently at heightened levels. 

Net interest income continues to be the most significant driver of net revenues for community banks, comprising nearly 80% of net revenues. With a difficult interest rate environment and lackluster loan growth in residential and commercial real estate, banks may face a difficult path ahead. Banks should tread cautiously, especially if this uncertainty persists. Asset-liability management will need be a significant focus (more than usual) as banks try to position themselves to not only maintain profitability through this uncertainty, but also come out stronger than before. Specifically, if lower rates persist, asset growth will need be a priority over deposit growth to maintain profitability at lower net interest margins. If loan growth continues to wane, this will prove to be difficult.

Innovations to compete with new lending sources

Adding to the list of threats to performance is the increasing amount of alternative financial resources available to borrowers. Banks have traditionally been the only source of credit for borrowers. However, technology has rapidly changed that landscape. Person-to-person (P2P) lending (also known as crowd lending, or social lending), allows people to borrow funds directly from another person, cutting out traditional lending sources (banks). Additionally, blockchain technology, if the hype is accurate, has the potential to eliminate the need of a financial intermediary altogether. 

Banks are adapting to this competition and to customers looking for more convenience and alternative services by offering new, unique services that differentiate themselves from others and provide added value to the customer. Banks have delivered through remote deposit, ATMs, and interactive teller machines (ITMs). Banks will need to continue to adopt innovative services to remain competitive. 

For instance, banks could offer video conferencing services, in which customers could have a live conversation with a bank representative through their smartphone. This convenience would allow a customer to conduct a transaction, such as apply for a loan, from the convenience of their home, while still maintaining human interaction throughout the transaction. Such a service would help banks compete with digital channels offered by non-banks, such as Quicken Loans, which is now the largest mortgage originator in the United States.

Strategies to protect against technological risks

These services all require the use of existing and new technologies, which have caused banks to hold more personally identifiable information (PII) digitally across an increasing number of digital platforms. As noted by the OCC, this digital exposure has created persistent cybersecurity risks for banks. Adopting a robust cybersecurity framework is no longer an option. 

Banks should bring cybersecurity to the forefront of their strategic planning. Any strategic plan must consider cybersecurity implications, as a single disaster can be detrimental to a bank’s reputation. And, given this rapidly changing environment, the cybersecurity conversation must be ongoing through relevant bank committees and the board of directors.

Furthermore, these technological solutions require partnerships with businesses that banks would not traditionally partner with. Financial technology (fintech) companies don’t just pose as a competitor to traditional banks. Many fintech companies are offering their technological solutions to traditional banks. However, outsourcing technological solutions to fintech companies and other businesses does not relieve a bank from performing its own due diligence and ensuring those companies meet the bank’s standards. 

Banks should evaluate potential vendors to ensure they comply with the bank’s vendor management policy. Since environments are constantly changing, this evaluation should be ongoing. Many vendors now provide System and Organization Controls (SOC) reports which detail the control environment at the vendor and involve independent third-party testing of those controls that exist at the vendor. SOC reports can provide a useful starting point for evaluating a vendor’s ongoing compliance with the bank’s vendor management policy. However, it is not a substitute for ongoing communication with a vendor.

There is no doubt 2019 was a successful year for banks. But past performance is not a guarantee of future success. Banks face many challenges, risks, and uncertainties, of which only a few have been outlined above. The current landscape may be challenging but it is also filled with opportunity. Banks should consider expanding their services, adopting new technologies, and partnering with other companies to leverage their strengths. Doing so should help position themselves for an exciting decade ahead.

If you have specific concerns about challenges facing your institution, please contact the team

Blog
Banking and finance: 2020 challenges and what to do to overcome them

Editor's note: read this if you are a CFO, controller, accountant, or business manager.

We auditors can be annoying, especially when we send multiple follow-up emails after being in the field for consecutive days. Over the years, we have worked with our clients to create best practices you can use to prepare for our arrival on site for year-end work. Time and time again these have proven to reduce follow-up requests and can help you and your organization get back to your day-to-day operations quickly. 

  1. Reconcile early and often to save time.
    Performing reconciliations to the general ledger for an entire year's worth of activity is a very time consuming process. Reconciling accounts on a monthly or quarterly basis will help identify potential variances or issues that need to be investigated; these potential variances and issues could be an underlying problem within the general ledger or control system that, if not addressed early, will require more time and resources at year-end. Accounts with significant activity (cash, accounts receivable, investments, fixed assets, accounts payable and accrued expenses and debt), should be reconciled on a monthly basis. Accounts with less activity (prepaids, other assets, accrued expenses, other liabilities and equity) can be reconciled on a different schedule.
  2. Scan the trial balance to avoid surprises.
    As auditors, one of the first procedures we perform is to scan the trial balance for year-over-year anomalies. This allows us to identify any significant irregularities that require immediate follow up. Does the year-over-year change make sense? Should this account be a debit balance or a credit balance? Are there any accounts with exactly the same balance as the prior year and should they have the same balance? By performing this task and answering these questions prior to year-end fieldwork, you will be able to reduce our follow up by providing explanations ahead of time or by making correcting entries in advance, if necessary. 
  3. Provide support to be proactive.
    On an annual basis, your organization may go through changes that will require you to provide us documented contractual support.  Such events may include new or a refinancing of debt, large fixed asset additions, new construction, renovations, or changes in ownership structure.  Gathering and providing the documentation for these events prior to fieldwork will help reduce auditor inquiries and will allow us to gain an understanding of the details of the transaction in advance of performing substantive audit procedures. 
  4. Utilize the schedule request to stay organized.
    Each member of your team should have a clear understanding of their role in preparing for year-end. Creating columns on the schedule request for responsibility, completion date and reviewer assigned will help maintain organization and help ensure all items are addressed and available prior to arrival of the audit team. 
  5. Be available to maximize efficiency. 
    It is important for key members of the team to be available during the scheduled time of the engagement.  Minimizing commitments outside of the audit engagement during on site fieldwork and having all year-end schedules prepared prior to our arrival will allow us to work more efficiently and effectively and help reduce follow up after fieldwork has been completed. 

Careful consideration and performance of these tasks will help your organization better prepare for the year-end audit engagement, reduce lingering auditor inquiries, and ultimately reduce the time your internal resources spend on the annual audit process. See you soon. 

Blog
Save time and effort—our list of tips to prepare for year-end reporting

Editor’s note: read this if you work for, or are affiliated with, a charitable organization that receives donations. Even the most mature nonprofit organizations may miss one of these filings once in a while. Some items (e.g., the donor acknowledgement letter) may feel commonplace, but a refresher—especially at a particularly busy time of the year as it pertains to giving—can fend off fines.

As the holiday season is now in full swing, the season of giving is also upon us. Perhaps not surprisingly, the month of December is by far the most charitable month of the year, accounting for almost one-third of all charitable gifts made annually. And with all that giving comes the requirement of charitable organizations to provide donor acknowledgements, a formal “thank you” of the gift being received. Different gifts require differing levels of acknowledgement, and in some cases an additional IRS form (or two) may need to be filed. Doing some work now may save you time (and a fine or two) later. 

While children are currently busy making lists for Santa Claus, in the spirit of giving we present to you our list of donor acknowledgement requirements―and best practices―to help you gain control of this issue for the holiday season and beyond.

Donor acknowledgement letters

Charitable (i.e., 501(c)(3)) organizations are required to provide a donor acknowledgement letter to each donor contributing $250 or more to the organization, whether it be cash or non-cash items (i.e., publicly traded securities, real estate, artwork, vehicles, etc.) received. The letter should include the following: 

  1. Name of the organization
  2. Amount of cash contribution
  3. Description of non-cash items (but not the value) 
  4. Statement that no goods and services were provided (assuming this is the case)
  5. Description and good faith estimate of the value of goods and services provided by the organization in return for the contribution, if any
  6. Statement that goods or services provided by the organization in return for the contribution consisted entirely of intangible religious benefit, if any

It is not necessary to include either the donor’s social security number or tax identification number on the written acknowledgment and as a best practice should not be included in the letter.

In addition to including the elements above, the written acknowledgement is also required to be contemporaneous, that is, sent out in a timely fashion. According to the IRS, a donor must receive the acknowledgment by the earlier of:

  • The date on which the donor actually files his or her individual federal income tax return for the year of the contribution
  • The due date (including extensions) of the return in order to be considered contemporaneous

Quid pro quo disclosure statements

When a donor makes a payment greater than $75 to a charitable organization partly as a contribution and partly as a payment for goods and services, a disclosure statement is required to notify the donor of the value of the goods and services received in order for the donor to determine the charitable contribution component of their payment.

An example of this would be if the organization sold tickets to its annual fundraising dinner event. Assume the ticket costs $100 and at the event the ticketholder receives a dinner valued at $40. In this example, the donor’s tax deduction may not exceed $60. Because the donor’s payment (quid pro quo contribution) exceeds $75, the charitable organization must furnish a disclosure statement to the donor, even though the deductible amount doesn’t exceed $75.

It’s important to note that there are some exclusions to these requirements if the value received is considered to be de minimis (known as the Token Exception), but the value received needs to be relatively small (ex: receiving a coffee mug with a picture of the organization’s logo on it). Please consult your tax advisor for more details.

If the organization does not issue disclosure statements, the IRS can issue penalties of $10 per contribution, not to exceed $5,000 per fundraising event or mailing. An organization may be able to avoid the penalty if reasonable cause can be demonstrated.

Receiving or selling donated noncash property? Forms 8283 & 8282 may be required.

If a charitable organization receives noncash donations, it may be asked to sign Form 8283. This form is required to be filed by the donor and included with their personal income tax return. If a donor contributes noncash property (excluding publicly traded securities) valued at over $5,000, the organization will need to sign Form 8283, Section B, Part IV acknowledging receipt of the noncash item(s) received.

By signing Form 8283, the donee organization is not only acknowledging receipt, but is also affirming that if the property being received is sold, exchanged, or otherwise disposed of within three years of the original donation date, the organization will be required to file Form 8282. A copy of this form is filed with the IRS and must also be provided to the original donor. Form 8282 is not required for sales of donated publicly traded securities. The penalty for failure to file Form 8282 when required is generally $50 per form.

Cars, boats, and yes, even airplanes? That would be Form 1098-C.

An airplane? Yes, even an airplane can be donated, and the donee organization must file a separate Form 1098-C, Contributions of Motor Vehicles, Boats, and Airplanes, with the IRS for each contribution of a qualified vehicle that has a claimed value of more than $500. Contemporaneous written acknowledgement requirements apply here too, and Form 1098-C can act as acknowledgement for this purpose. An acknowledgment is considered contemporaneous if it is furnished to the donor no later than 30 days after the date of the contribution if you plan to use the item for a mission-related purpose, or 30 days after the date of the sale of the item to an unrelated third party.

Penalties for failure to provide contemporaneous written acknowledgement for qualified vehicles can be pretty stiff, generally calculated as a percentage of the sale price if sold, or a percentage of the claimed value if not sold. Should you have any questions or receive a request regarding any of the forms noted above, please consult your tax advisor.

As you can see, the rules around donor acknowledgements can seem a lot like Grandma’s fruitcake―complex and perhaps a bit on the nutty side. When issuing donor acknowledgements this holiday season and beyond, be sure to review the list above and check it twice. Doing so may end up keeping you off of the IRS’s naughty list!

Blog
Donor acknowledgements: We have to file what?

Editor's note: Read this if you are a CTO, CIO, or administrator at a college or university. This is the first blog in a series on business lessons and best practices from American literature. For this series, interviewees select from a list of American literary quotes through which to view, and discuss, their focus or industry. The goal? To generate some novel insight.

The interviewees: David Houle and Joseph Traino, consultants at BerryDunn
The focus: Higher education
The quote: “Our inventions are wont to be pretty toys . . . They are but improved means to an unimproved end.”  -- Henry David Thoreau, Walden; or, Life in the Woods

Thoreau wrote this shortly after the Industrial Revolution. How does its cynicism apply to higher education during the Digital Revolution?

David Houle (DH): It speaks to my basic philosophy about applying technology to the needs of higher education clients. I’m not a “technology for the sake of technology” cheerleader. 

Joseph Traino (JT): People often believe that applying new technology to a business problem is going to solve the business problem. That rarely happens. For example, most higher education clients have a student information system. These clients often feel that, in order to resolve certain issues, they should update the system software, whereas the issues are often resolved by updating business practices to be more efficient and effective. 

DH: Right. We are often brought in to identify needed technology changes but end up stressing practices, processes, and people. If staff can’t correctly use a new technology, then the technology will not provide a real, valuable service.

When implementing a new technology, what’s the #1 thing that a higher education institution can do to prevent or avoid “an unimproved end”?

JT: Fully understand the technology’s impact on stakeholders, such as students, faculty, and staff, and answer the “why?”

DH: Keep people in mind and gain their buy-in when making technology decisions.

What technology, or technology-related change, is going to have the biggest effect on higher education over the next five years?

DH: Clients love to ask us this question (laughs). And if I truly knew the answer, I’d be on some Caribbean island right now, filthy rich and sipping a piña colada. That said, I think the technology demands of the new workforce are going to have the biggest effect. To paraphrase the new workforce: “I don’t want to stare at a green screen. And what in the world is DOS?” Conversely, the personnel who used to support these homegrown, in-house “green screen” products want to retire and leave the workforce. 

JT: I agree that the demands of the new workforce will continue to affect higher education and steer institutions away from term-based courses and programs and toward more flexible, student-centric courses and programs. From a technology standpoint, I think AI and bots are going to replace many of the manual processes that we still see today in higher education. These new technologies will create greater efficiencies—but also possibly reduce jobs—at institutions.

DH: Higher education leaders with vision have already grasped this idea of cutting administrative costs wherever possible, because those costs are not what place students in seats—or in front of screens. On the flip side, advising is currently an underserved area in higher education. So there is an opportunity for leaders to reallocate administrative resources to fulfill advising roles and to help students—such as at-risk and first-generation students—not just in the classroom, but through their learning journey.

Circling back to the Thoreau quote, I’m sure many higher education staff fear technology will lead to “unimproved ends” for their careers. How do you navigate those fears when working with clients? 

JT: It’s certainly a challenge. We currently face some of those fears when working with IT departments—more services are being moved to the cloud, and there is less of a need for on-site database administrators and system administrators, as an example. Alluding to what Dave said about advising, I think many higher education jobs can be shifted to provide interactive high-tech, high-touch services to students.

DH: And to be blunt, some people don’t want to shift, don’t want to change. The people part is the most challenging part of technology adoption. 

In this discussion about technology, we keep returning to people—and the people side of change. Are higher education clients typically responsive to the concept of change management?

JT: There’s typically some reticence, and a lack of understanding about the value of change management. In most cases, change management requires an investment beyond the technology investment. But change management is key to success. 

DH: Reticence is a good word. Yet I do think that views about change management are changing rapidly. Higher education leaders who have been through a significant system or process change now seem to understand the value of change management and know that change management is a necessity, not a luxury. 

In the end, are you confident that new technology is going to benefit students and their educational goals? 

DH: I’m unsure if technology improves the quality of education. However, I am sure that technology increases the options for the delivery of education. And greater flexibility in education delivery is certainly beneficial, especially because the traditional student is now non-traditional. Ongoing and 24/7 access demands in education are here to stay.

JT: I agree with Dave wholeheartedly. I think technology will help improve the means to the end, but I’m not sure if technology is going to improve the end. Technology is just one part of the education equation. 
 

Blog
Technology ≠ Education

This spring, I published a blog about the importance of data governance in higher education institutions. In the summer, a second blog covered implementing baseline principles for data governance. With fall upon us, it is time to transition to discussing three critical steps to create a data governance culture. 

1.    Understand the people side of change.

The culture of any organization begins and ends with its people. As you know, people are notoriously finicky when it comes to change (especially change like data governance initiatives that may alter the way we have to understand or interact with institutional data). I recommend that any higher education institution apply a change management methodology (e.g., Prosci®, Lewin’s Change Management Model) in order to gauge the awareness of, the desire for, and the practical realities of this change. If you apply your chosen methodology in an effective and consistent manner, change management will help you increase buy-in and break down resistance. 

2.    Identify and empower the right people for the right roles.

Higher education institutions often focus on data governance processes and technologies. While this is necessary, you can’t overlook the people part of data governance. In fact, you can argue it is the most important part, because without people, there will be no one to follow the processes you create or use the technologies you implement. 

To find the right people, you need to identify and establish three specific roles for your institution: data trustees, data stewards, and data managers. Once you have organized these roles and responsibilities, data governance becomes easier to manage. Some definitions:

Data trustees (the sponsors) – senior leadership (or designees) who oversee data policy, planning, and management. Their responsibilities include: 

  • Promoting data governance 
  • Approving and updating data policies​​
  • Assigning and overseeing data stewards
  • Being responsible for data governance

Data stewards (the owners) – directors, managers, associate deans, or associate vice presidents who manage one or more data types. Their responsibilities include:

  • Applying and overseeing data governance policies in their functional areas
  • Following legal requirements pertaining to data in their functional areas
  • Classifying data and identifying data safeguards
  • Being accountable for data governance

Data managers (the caretakers) – data system managers, senior data analysts, or functional users (registrar, financial aid, human resources, etc.) who perform day-to-day data collection and management operations. Their responsibilities include:

  • Implementing data governance policies in their functional areas
  • Resolving data issues in their functional areas 
  • Provide training and appropriate documentation to data users
  • Being informed and consulted about data governance

3.    Be consistent and hold people accountable.

Ultimately, your data governance team needs accountability in order to thrive. Therefore, it is up to data trustees, data stewards, and data managers to hold regular meetings, take and distribute meeting notes, and identify and follow up on meeting action items. Without this follow through, data governance initiatives will likely stall or stop altogether. 

More information on data governance 

Are you still curious about additional guiding principles of data governance in higher education? Please contact the team
 

Blog
People Power: Enacting Sustainable Data Governance

A version of this article was previously published on the Massachusetts Nonprofit Network

Editor’s note: while this blog is not technical in nature, you should read it if you are involved in IT security, auditing, and management of organizations that may participate in strategic planning and business activities where considerations of compliance and controls is required.

As we find ourselves in a fast-moving, strong business growth environment, there is no better time to consider the controls needed to enhance your IT security as you implement new, high-demand technology and software to allow your organization to thrive and grow. Here are five risks you need to take care of if you want to build or maintain strong IT security.

1. Third-party risk management―It’s still your fault

We rely daily on our business partners and vendors to make the work we do happen. With a focus on IT, third-party vendors are a potential weak link in the information security chain and may expose your organization to risk. However, though a data breach may be the fault of a third-party, you are still responsible for it. Potential data breaches and exposure of customer information may occur, leaving you to explain to customers and clients answers and explanations you may not have. 

Though software as a service (SaaS) providers, along with other IT third-party services, have been around for well over a decade now, we still neglect our businesses by not considering and addressing third-party risk. These third-party providers likely store, maintain, and access company data, which could potentially contain personally identifiable information (names, social security numbers, dates of birth, addresses), financial information (credit cards or banking information), and healthcare information of your customers. 

While many of the third-party providers have comprehensive security programs in place to protect that sensitive information, a study in 2017 found that 30% of data breaches were caused by employee error or while under the control of third-party vendors.1  This study reemphasizes that when data leaves your control, it is at risk of exposure. 

In many cases, procurement and contracting policies likely have language in contracts that already establish requirements for third-parties related to IT security; however the enforcement of such requirements and awareness of what is written in the contract is not enforced or is collected, put in a file, and not reviewed. What can you do about it?

Improved vendor management

It is paramount that all organizations (no matter their size) have a comprehensive vendor management program that goes beyond contracting requirements in place to defend themselves against third-party risk which includes:

  1. An inventory of all third-parties used and their criticality and risk ranking. Criticality should be assigned using a “critical, high, medium or low” scoring matrix. 
  2. At time of onboarding or RFP, develop a standardized approach for evaluating if potential vendors have sufficient IT security controls in place. This may be done through an IT questionnaire, review of a Systems and Organization Controls (SOC report) or other audit/certifications, and/or policy review. Additional research may be conducted that focuses on management and the company’s financial stability. 
  3. As a result of the steps in #2, develop a vendor risk assessment using a high, medium and low scoring approach. Higher risk vendors should have specific concerns addressed in contracts and are subject to more in depth annual due diligence procedures. 
  4. Reporting to senior management and/or the board annually on the vendors used by the organization, the services they perform, their risk, and ways the organization monitors the vendors. 

2. Regulation and privacy laws―They are coming 

2018 saw the implementation of the European Union’s General Data Privacy Regulation (GDPR) which was the first major data privacy law pushed onto any organization that possesses, handles, or has access to any citizen of EU’s personal information. Enforcement has started and the Information Commissioner’s Office has begun fining some of the world’s most famous companies, including substantial fines to Marriott International and British Airways of $125 million and $183 million Euros, respectively.2  Gone are the days where regulations lacked the teeth to force companies into compliance. 

With thanks to other major data breaches where hundreds of millions’ consumers private information was lost or obtained (e.g., Experian), more regulation is coming. Although there is little expectation of an American federal requirement for data protection, individual states and other regulating organizations are introducing requirements. Each new regulation seeks to protect consumer privacy but the specifics and enforcement of each differ. 

Expected to be most impactful in 2019 is the California Consumer Privacy Act,  which applies to organizations that handle, collect, or process consumer information and do business in the state of California (you do not have to be located in CA to be under the umbrella of enforcement).

In 2018, Maine passed the toughest law on telecommunications providers for selling consumer information. Massachusetts’ long standing privacy and data breach laws were amended with stronger requirements in January of 2019. Additional privacy and breach laws are in discussion or on the table for many states including Colorado, Delaware, Ohio, Oregon, Ohio, Vermont, and Washington, amongst others.      

Preparation and awareness are key

All organizations, no matter your line of business must be aware of and understand current laws and proposed legislation. New laws are expected to not only address the protection of customer data, but also employee information. All organizations should monitor proposed legislation and be aware of the potential enforceable requirements. The good news is that there are a lot of resources out there and, in most cases, legislative requirements allow for grace periods to allow organizations to develop a complete understanding of proposed laws and implement needed controls. 

3. Data management―Time to cut through the clutter 

We all work with people who have thousands of emails in their inbox (in some cases, dating back several years). Those users’ biggest fears may start to come to fruition―that their “organizational” approach of not deleting anything may come to an end with a simple email and data retention policy put in place by their employer. 

The amount of data we generate in a day is massive. Forbes estimates that we generate 2.5 quintillion bytes of data each day and that 90% of all the world’s data was generated in the last two years alone.3 While data is a gold mine for analytics and market research, it is also an increasing liability and security risk. 

Inc. Magazine says that 73% of the data we have available to us is not used.4 Within that data could be personally identifiable information (such as social security numbers, names, addresses, etc.); financial information (bank accounts, credit cards etc.); and/or confidential business data. That data is valuable to hackers and corporate spies and in many cases data’s existence and location is unknown by the organizations that have it. 

In addition to the security risk that all this data poses, it also may expose an organization to liability in the event of a lawsuit of investigation. Emails and other communications are a favorite target of subpoenas and investigations and should be deleted within 90 days (including deleted items folders). 

Take an inventory before you act

Organizations should first complete a full data inventory and understand what types of data they maintain and handle, and where and how they store that data. Next, organizations can develop a data retention policy that meets their needs. Utilizing backup storage media may be a solution that helps reduce the need to store and maintain a large amount of data on internal systems. 

4. Doing the basics right―The simple things work 

Across industries and regardless of organization size, the most common problem we see is the absence of basic controls for IT security. Every organization, no matter their size, should work to ensure they have controls in place. Some must-haves:

  • Established IT security policies
  • Routine, monitored patch management practices (for all servers and workstations)
  • Change management controls (for both software and hardware changes)
  • Anti-virus/malware on all servers and workstations
  • Specific IT security risk assessments 
  • User access reviews
  • System logging and monitoring 
  • Employee security training

Go back to the basics 

We often see organizations that focus on new and emerging technologies, but have not taken the time to put basic security controls in place. Simple deterrents will help thwarting hackers. I often tell my clients a locked car scares away most ill-willed people, but a thief can still smash the window.  

Smaller organizations can consider using third-party security providers, if they are not able to implement basic IT security measures. From our experience, small organizations are being held to the same data security and privacy expectations by their customers as larger competitors and need to be able to provide assurance that controls are in place.  

5. Employee retention and training 

Unemployment rates are at an all-time low, and the demand for IT security experts at an all-time high. In fact, Monster.com reported that in 2019 the unemployment rate for IT security professionals is 0%.5 

Organizations should be highly focused on employee retention and training to keep current employees up-to-speed on technology and security trends. One study found that only 15% of IT security professionals were not looking to switch jobs within one year.6  

Surprisingly, money is not the top factor for turnover―68% of respondents prioritized working for a company that takes their opinions seriously.6 

For years we have told our clients they need to create and foster a culture of security from the top down, and that IT security must be considered more than just an overhead cost. It needs to align with overall business strategy and goals. Organizations need to create designated roles and responsibilities for security that provide your security personnel with a sense of direction―and the ability to truly protect the organization, their people, and the data. 

Training and support goes a long way

Offering training to security personnel allows them to stay abreast of current topics, but it also shows those employees you value their knowledge and the work they do. You need to train technology workers to be aware of new threats, and on techniques to best defend and protect from such risks. 

Reducing turnover rate of IT personnel is critical to IT security success. Continuously having to retrain and onboard employees is both costly and time-consuming. High turnover impacts your culture and also hampers your ability to grow and expand a security program. 

Making the effort to empower and train all employees is a powerful way to demonstrate your appreciation and support of the employees within your organization—and keep your data more secure.  

Our IT security consultants can help

Ensuring that you have a stable and established IT security program in place by considering the above risks will help your organization adapt to technology changes and create more than just an IT security program, but a culture of security minded employees. 

Our team of IT security and control experts can help your organization create and implement controls needed to consider emerging IT risks. For more information, contact the team
 

Sources:
[1] https://iapp.org/news/a/surprising-stats-on-third-party-vendor-risk-and-breach-likelihood/  
[2] https://resources.infosecinstitute.com/first-big-gdpr-fines/
[3] https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the-mind-blowing-stats-everyone-should-read/#458b58860ba9
[4] https://www.inc.com/jeff-barrett/misusing-data-could-be-costing-your-business-heres-how.html
[5] https://www.monster.com/career-advice/article/tech-cybersecurity-zero-percent-unemployment-1016
[6] https://www.securitymagazine.com/articles/88833-what-will-improve-cyber-talent-retention

Blog
Five IT risks everyone should be aware of

Editor’s note: If you are a higher education CFO, CIO, CTO or other C-suite leader, this blog is for you.

The Gramm-Leach-Bliley Act (GLBA) has been in the news recently as the Federal Trade Commission (FTC) has agreed to extend a deadline for public comment regarding proposed changes to the Safeguards Rule. Here’s what you need to know.

GLBA, also known as the Financial Modernization Act, is a 1999 federal law providing rules to financial institutions for protecting consumer information. Colleges and universities fall under this act because they conduct financial activities (e.g., administration of financial aid, loans, and other financial services).

Under the Safeguards Rule financial Institutions must develop, implement, and maintain a comprehensive information security program that consists of safeguards to handle customer information.

Proposed changes

The FTC is proposing five modifications to the Safeguards Rule. The new act will:

  • Provide more detailed guidance to impacted institutions regarding how to develop and implement specific aspects of an overall information security program.
  • Improve the accountability of an institution’s information security programs.
  • Exempt small business from certain requirements.
  • Expand the definition of “financial institutions” to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities.
  • Propose to include the definition of “financial institutions” and related examples in the rule itself rather than cross-reference them from a related FTC rule (Privacy of Consumer Financial Information Rule).

Potential impacts for your institution

The Federal Register, Volume 84, Number 65, published the notice of proposed changes that once approved by the FTC would add more prescriptive rules that could have significant impact on your institution. For example, these rules would require institutions to:

  1. Expand existing security programs with additional resources.
  2. Produce additional documentation.
  3. Create and implement additional policies and procedures.
  4. Offer various forms of training and education for security personnel.

The proposed rules could require institutions to increase their commitment in time and staffing, and may create hardships for institutions with limited or challenging resources.

Prepare now

While these changes are not final and the FTC is requesting public comment, here are some things you can do to prepare for these potential changes:

  • Evaluate whether your institution is compliant to the current Safeguards Rule.
  • Identify gaps between current status and proposed changes.
  • Perform a risk assessment.
  • Ensure there is an employee designated to lead the information security program.
  • Monitor the FTC site for final Safeguard Rules updates.

In the meantime, reach out to us if you would like to discuss the impact GLBA will have on your institution or if you would like assistance with any of the recommendations above. You can view a comprehensive list of potential changes here.

Source: Federal Trade Commission. Safeguards Rule. Federal Register, Vol. 84, No. 65. FTC.gov. April 4, 2019. https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/safeguards-rule

Blog
Higher ed: GLBA is the new four-letter word, but it's not as bad as you think

In light of the recent cyberattacks in higher education across the US, more and more institutions are finding themselves no longer immune to these activities. Security by obscurity is no longer an effective approach—all  institutions are potential targets. Colleges and universities must take action to ensure processes and documentation are in place to prepare for and respond appropriately to a potential cybersecurity incident.

BerryDunn’s Rick Gamache recently published several blog articles on incident response that are relevant to the recent cyberattacks. Below I have provided several of his points tailored to higher education leaders to help them prepare for cybersecurity incidents at their institutions.

What are some examples of incidents that managers need to prepare for?

Examples range from external breaches and insider threats to instances of malfeasance or incompetence. Different types of incidents lead to the same types of results—yet you can’t have a broad view of incidents. Managers should work with their teams to create incident response plans that reflect the threats associated with higher education institutions. A handful of general incident response plans isn’t going to cut it.

Managers need to work with their teams to develop a specific incident response plan for each specific type of incident. Why? Well, think of it this way: Your response to a careless employee should be different from your response to a malicious employee, for a whole host of legal reasons. Incident response is not a cookie-cutter process. In fact, it is quite the opposite. This is one of the reasons I highly suggest security teams include staff members outside of IT. When you’re responding to incidents, you want people who can look at a problem or situation from an external perspective, not just a technical or operational perspective within IT. These team members can help answer questions such as, what does the world see when they look at our institution? What institutional information might be valuable to, or targeted by, malicious actors? You’ll get some valuable fresh perspectives.

How short or long should the typical incident response plan be?

I often see good incident response plans no more than three or four pages in length. However, it is important that incident response plans are task oriented, so that it is clear who does what next. And when people follow an incident response plan, they should physically or digitally check off each activity, then record each activity.

What system or software do you recommend for recording incidents and responses?

There are all types of help desk software you can use, including free and open source software. I recommend using help desk software with workflow capabilities, so your team can assign and track tasks.

Any other tips for developing incident response plans?

First, managers should work with, and solicit feedback from across the academic and administrative areas within the institution when developing incident response plans. If you create these documents in a vacuum, they will be useless.

Second, managers and their teams should take their time and develop the most “solid” incident response plans possible. Don’t rush the process. The effectiveness of your incident response plans will be critical in assessing your institution’s ability to survive a breach. Because of this, you should be measuring your response plans through periodic testing, like conducting tabletop exercises.

Third, keep your students and external stakeholders in mind when developing these plans. You want to make sure external communications are consistent, accurate, and within the legal requirements for your institution. The last thing you want is students and stakeholders receiving conflicting messages about the incident. 

Are there any decent incident response plans in the public domain that managers and their teams can adapt for their own purposes?

Yes. My default reference is the National Institute of Standards and Technology (NIST). NIST has many special publications that describe the incident response process, how to develop a solid plan, and how to test your plan.

Should institutions have dedicated incident response teams?

Definitely. Institutions should identify and staff teams using internal resources. Some institutions may want to consider hiring a reputable third party to act as an incident response team. The key with hiring a third party? Don’t wait until an incident occurs! If you wait, you’re going to panic, and make panic-based decisions. Be proactive and hire a third party on retainer.

That said, institutions should consider hiring a third party on an annual basis to review incident response plans and processes. Why? Because every institution can grow complacent, and complacency kills. A third party can help gauge the strengths and weaknesses of your internal incident response teams, and provide suggestions for general or specific training. A third party can also educate your institution about the latest and greatest cyber threats.

Should managers empower their teams to conduct internal “hackathons” in order to test incident response?

Sure! It’s good practice, and it can be a lot of fun for team members. There are a few caveats. First, don’t call it a hackathon. The word can elicit negative or concerned reactions. Call it “active testing” or “continuous improvement exercises.” These activities allow team members to think creatively, and are opportunities for them to boost their cybersecurity knowledge. Second, be prepared for pushback. Some managers worry if team members gain more cybersecurity skills, then they’ll eventually leave the institution for another, higher-paying job. I think you should be committed to the growth of your team members―it’ll only make your institution more secure.

What are some best practices managers should follow when reporting incidents to their leadership?

Keep the update quick, brief, and to the point. Leave all the technical jargon out, and keep everything in an institutional context. This way leadership can grasp the ramifications of the event and understand what matters. Be prepared to outline how you’re responding and what actions leadership can take to support the incident response team and protect the institution. In the last chapter, I mentioned what I call the General Colin Powell method of reporting, and I suggest using that method when informing leadership. Tell them what you know, what you don’t know, what you think, and what you recommend. Have answers, or at least a plan.

How much institution-wide communication should there be about incidents?

That’s a great question, but a tough one to answer. Transparency is good, but it can also unintentionally lead to further incidents. Do you really want to let your whole institution know about an exploitable weakness? Also, employees can spread information about incidents on social media, which can actually lead to the spread of misinformation. If you are in doubt about whether or not to inform the entire institution about an incident, refer to your Legal Department. In general, institution-wide communication should be direct: We’ve had an incident; these are the facts; this is what you are allowed to say on social media; and this is what you’re not allowed to say on social media.

Another great but tough question: When do you tell the public about an incident? For this type of communication, you’re going to need buy-in from various sources: senior leadership, Legal, HR, and your PR team or external PR partners. You have to make sure the public messaging is consistent. Otherwise, citizens and the media will try to poke holes in your official story. And that can lead to even more issues.

What are the key takeaways for higher education leaders?

Here are key takeaways to help higher education leaders prepare for and respond appropriately to cybersecurity incidents:

  1. Understand your institution’s current cybersecurity environment. 
    Questions to consider: Do you have Chief Information Security Officer (CISO) and/or a dedicated cybersecurity team at your institution? Have you conducted the appropriate audits and assessments to understand your institution’s vulnerabilities and risks?
  2. Ensure you are prepared for cybersecurity incidents. 
    Questions to consider: Do you have a cybersecurity plan with the appropriate response, communication, and recovery plans/processes? Are you practicing your plan by walking through tabletop exercises? Do you have incident response teams?

Higher education continues to face growing threats of cybersecurity attacks – and it’s no longer a matter of if, but when. Leaders can help mitigate the risk to their institutions by proactively planning with incident response plans, communication plans, and table-top exercises. If you need help creating an incident response plan or wish to speak to us regarding preparing for cybersecurity threats, please reach out to us.
 

Blog
Cyberattacks in higher education—How prepared are you?

Read this if you are an Institutional Research (IR) Director, a Registrar, or are in the C-Suite.

In my last blog, I defined the what and the why of data governance, and outlined the value of data governance in higher education environments. I also asserted data isn’t the problem―the real culprit is our handling of the data (or rather, our deferral of data responsibility to others).

While I remain convinced that data isn’t the problem, recent experiences in the field have confirmed the fact that data governance is problematic. So much, in fact, that I believe data governance defies a “solid,” point-in-time solution. Discouraged? Don’t be. Just recalibrate your expectations, and pursue an adaptive strategy.

This starts with developing data governance guiding principles, with three initial points to consider: 

  1. Key stakeholders should develop your institution’s guiding principles. The team should include representatives from areas such as the office of the Registrar, Human Resources, Institutional Research, and other significant producers and consumers of institutional data. 
  2. The focus of your guiding principles must be on the strategic outcomes your institution is trying to achieve, and the information needed for data-driven decision-making.
  3. Specific guiding principles will vary from institution to institution; effective data governance requires both structure and flexibility.

Here are some baseline principles your institution may want to adopt and modify to suit your particular needs.

  • Data governance entails iterative processes, attention to measures and metrics, and ongoing effort. The institution’s governance framework should be transparent, practical, and agile. This ensures that governance is seen as beneficial to data management and not an impediment.
  • Governance is an enabler. The institution’s work should help accomplish objectives and solve problems aligned with strategic priorities.
  • Work with the big picture in mind. Start from the vantage point that data is an institutional asset. Without an institutional asset mentality it’s difficult to break down the silos that make data valuable to the organization.
  • The institution should identify data trustees and stewards that will lead the data governance efforts at your institution
    • Data trustees should have responsibility over data, and have the highest level of responsibility for custodianship of data.
    • Data stewards should act on behalf of data trustees, and be accountable for managing and maintaining data.
  • Data quality needs to be baked into the governance process. The institution should build data quality into every step of capture and entry. This will increase user confidence that there is data integrity. The institution should develop working agreements for sharing and accessing data across organizational lines. The institution should strive for processes and documentation that is consistent, manageable, and effective. This helps projects run smoothly, with consistent results every time.
  • The institution should pay attention to building security into the data usage cycle. An institution’s security measures and practices need to be inherent in the day-to-day management of data, and balanced with the working agreements mentioned above. This keeps data secure and protected for the entire organization.
  •  Agreed upon rules and guidelines should be developed to support a data governance structure and decision-making. The institution should define and use pragmatic approaches and practical plans that reward sustainability and collaboration, building a successful roadmap for the future. 

Next Steps

Are you curious about additional guiding principles? Contact me. In the meantime, keep your eyes peeled for a future blog that digs deeper into the roles of data trustees and stewards.
 

Blog
Governance: It's good for your data

Focus on the people: How higher ed institutions can successfully make an ERP system change

The enterprise resource planning (ERP) system is the heart of an institution’s business, maintaining all aspects of day-to-day operations, from student registration to staff payroll. Many institutions have used the same ERP systems for decades and face challenges to meet the changing demands of staff and students. As new ERP vendors enter the marketplace with new features and functionality, institutions are considering a change. Some things to consider:

  1. Don’t just focus on the technology and make change management an afterthought. Transitioning to a new ERP system takes considerable effort, and has the potential to go horribly wrong if sponsorship, good planning, and communication channels are not in place. The new technology is the easy part of a transition—the primary challenge is often rooted in people’s natural resistance to change.  
  2. Overcoming resistance to change requires a thoughtful and intentional approach that focuses on change at the individual level. Understanding this helps leadership focus their attention and energy to best raise awareness and desire for the change.
  3. One effective tool that provides a good framework for successful change is the Prosci ADKAR® model. This framework has five distinct phases that align with ERP change:

These phases provide an approach for developing activities for change management, preparing leadership to lead and sponsor change and supporting employees through the implementation of the change.

The three essential steps to leveraging this framework:

  1. Perform a baseline assessment to establish an understanding of how ready the organization is for an ERP change
  2. Provide sponsorship, training, and communication to drive employee adoption
  3. Prepare and support activities to implement, celebrate, and sustain participation throughout the ERP transition

Following this approach with a change management framework such as the Prosci ADKAR® model can help an organization prepare, guide, and adopt ERP change more easily and successfully. 

If you’re considering a change, but need to prepare your institution for a healthy ERP transition using change management, chart yourself on this ADKAR framework—what is your organization’s change readiness? Do you have appropriate buy-in? What problems will you face?

You now know that this framework can help your changes stick, and have an idea of where you might face resistance. We’re certified Prosci ADKAR® practitioners and have experience guiding Higher Ed leaders like you through these steps. Get in touch—we’re happy to help and have the experience and training to back it up. Please contact the team with any questions you may have.

1Prosci ADKAR®from http://www.prosci.com

Blog
Perspectives of an Ex-CIO

LIBOR is leaving—is your financial institution ready to make the most of it?

In July 2017, the UK’s Financial Conduct Authority announced the phasing out of the London Interbank Offered Rate, commonly known as LIBOR, by the end of 20211. With less than two years to go, US federal regulators are urging financial institutions to start assessing their LIBOR exposure and planning their transition. Here we offer some general impacts of the phasing out, some specific actions your institution can take to prepare, and, finally, background on how we got here (see Background at right).

How will the phase-out impact financial institutions?

The Federal Reserve estimates roughly $200 trillion in LIBOR-indexed notional value transactions in the cash and derivatives market2. LIBOR is used to help price a variety of financial services products,  including $3.4 trillion in business loans and $1.3 trillion in consumer loans, as well as derivatives, swaps, and other credit instruments. Even excluding loans and financial instruments set to mature before 2021—estimated by the FDIC at 82% of the above $200 trillion—LIBOR exposure is still significant3.

A financial institution’s ability to lend money is largely dependent on the relative stability of its capital position, or lack thereof. For institutions with a significant amount of LIBOR-indexed assets and liabilities, that means less certainty in expected future cash flows and a less stable capital position, which could prompt institutions to deny loans they might otherwise have approved. A change in expected cash flows could also have several indirect consequences. Criticized assets, assessed for impairment based on their expected future cash flows, could require a specific reserve due to lower present value of expected future cash flows.

The importance of fallback language in loan agreements

Fallback language in loan agreements plays a pivotal role in financial institutions’ ability to manage their LIBOR-related financial results. Most loan agreements include language that provides guidance for determining an alternate reference rate to “fall back” on in the event the loan’s original reference rate is discontinued. However, if this language is non-existent, contains fallbacks that are no longer adequate, or lacks certain key provisions, it can create unexpected issues when it comes time for financial institutions to reprice their LIBOR loans. Here are some examples:

  • Non-existent or inadequate fallbacks
    According to the Alternative Reference Rates Committee, a group of private-market participants convened by the Federal Reserve to help ensure a successful LIBOR transition, "Most contracts referencing LIBOR do not appear to have envisioned a permanent or indefinite cessation of LIBOR and have fallbacks that would not be economically appropriate"4.

    For instance, industry regulators have warned that without updated fallback language, the discontinuation of LIBOR could prompt some variable-rate loans to become fixed-rate2, causing unanticipated changes in interest rate risk for financial institutions. In a declining rate environment, this may prove beneficial as loans at variable rates become fixed. But in a rising rate environment, the resulting shrink in net interest margins would have a direct and adverse impact on the bottom line.

  • No spread adjustment
    Once LIBOR is discontinued, LIBOR-indexed loans will need to be repriced at a new reference rate, which could be well above or below LIBOR. If loan agreements don’t provide for an adjustment of the spread between LIBOR and the new rate, that could prompt unexpected changes in the financial position of both borrowers and lenders3. Take, for instance, a loan made at the Secured Overnight Financing Rate (SOFR), generally considered the likely replacement for USD LIBOR. Since SOFR tends to be lower than three-month LIBOR, a loan agreement using it that does not allow for a spread adjustment would generate lower loan payments for the borrower, which means less interest income for the lender.

    Not allowing for a spread adjustment on reference rates lower than LIBOR could also cause a change in expected prepayments—say, for instance, if borrowers with fixed-rate loans decide to refinance at adjustable rates—which would impact post-CECL allowance calculations like the weighted-average remaining maturity (WARM) method, which uses estimated prepayments as an input.

What can your financial institution do to prepare?

The Federal Reserve and the SEC have urged financial institutions to immediately evaluate their LIBOR exposure and expedite their transition. Though the FDIC has expressed no intent to examine financial institutions for the status of LIBOR planning or critique loans based on use of LIBOR3, Federal Reserve supervisory teams have been including LIBOR transitions in their regular monitoring of large financial institutions5. The SEC has also encouraged companies to provide investors with robust disclosures regarding their LIBOR transition, which may include a notional value of LIBOR exposure2.

Financial institutions should start by analyzing their LIBOR exposure beyond 2021. If you don’t expect significant exposure, further analysis may be unnecessary. However, if you do expect significant future LIBOR exposure, your institution should conduct stress testing using LIBOR as an isolated variable by running hypothetical transition scenarios and assessing the potential financial impact.

Closely examine and assess fallback language in loan agreements. For existing loan agreements, you may need to make amendments, which could require consent from counterparties2. For new loan agreements maturing beyond 2021, lenders should consider selecting an alternate reference rate. New contract language for financial instruments and residential mortgages is currently being drafted by the International Securities Dealers Association and the Federal Housing Finance Authority, respectively3—both of which may prove helpful in updating loan agreements.

Lenders should also consider their underwriting policies. Loan underwriters will need to adjust the spread on new loans to accurately reflect the price of risk, because volatility and market tendencies of alternate loan reference rates may not mirror LIBOR’s. What’s more, SOFR lacks abundant historical data for use in analyzing volatility and market tendencies, making accurate loan pricing more difficult.

Conclusion: Start assessing your LIBOR risk soon

The cessation of LIBOR brings challenges and opportunities that will require in-depth analysis and making difficult decisions. Financial institutions and consumers should heed the advice of regulators and start assessing their LIBOR risk now. Those that do will not only be better prepared―but also better positioned―to capitalize on the opportunities it presents.

Need help assessing your LIBOR risk and preparing to transition? Contact BerryDunn’s financial services specialists.

1 https://www.washingtonpost.com/business/2017/07/27/acdd411c-72bc-11e7-8c17-533c52b2f014_story.html?utm_term=.856137e72385
2 Thomson Reuters Checkpoint Newsstand April 10, 2019
3 https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin18/si-winter-2018.pdf
4 https://bankingjournal.aba.com/2019/04/libor-transition-panel-recommends-fallback-language-for-key-instruments/
5 https://www.reuters.com/article/us-usa-fed-libor/fed-urges-u-s-financial-industry-to-accelerate-libor-transition-idUSKCN1RM25T

Blog
When one loan rate closes, another opens

“The world is one big data problem,” says MIT scientist and visionary Andrew McAfee.

That’s a daunting (though hardly surprising) quote for many in data-rich sectors, including higher education. Yet blaming data is like blaming air for a malfunctioning wind turbine. Data is a valuable asset that can make your institution move.

To many of us, however, data remains a four-letter word. The real culprit behind the perceived data problem is our handling and perception of data and the role it can play in our success—that is, the relegating of data to a select, responsible few, who are usually separated into hardened silos. For example, a common assumption in higher education is that the IT team can handle it. Not so. Data needs to be viewed as an institutional asset, consumed by many and used by the institution for the strategic purposes of student success, scholarship, and more.

The first step in addressing your “big” data problem? Data governance.

What is data governance?

There are various definitions, but the one we use with our clients is “the ongoing and evolutionary process driven by leaders to establish principles, policies, business rules, and metrics for data sharing.”

Please note that the phrase “IT” does not appear anywhere in this definition.

Why is data governance necessary? For many reasons, including:

  1. Data governance enables analytics. Without data governance, it’s difficult to gain value from analytics initiatives which will produce inconsistent results. A critical first step in any data analytics initiative is to make sure that definitions are widely accepted and standards have been established. This step allows decision makers to have confidence in the data being analyzed to describe, predict, and improve operations.
     
  2. Data governance strengthens privacy, security, and compliance. Compliance requirements for both public and private institutions constantly evolve. The more data-reliant your world becomes, the more protected your data needs to be. If an organization does not implement security practices as part of its data governance framework, it becomes easier to fall out of compliance. 
     
  3. Data governance supports agility. How many times have reports for basic information (part-time faculty or student FTEs per semester, for example) been requested, reviewed, and returned for further clarification or correction? And that’s just within your department! Now add multiple requests from the perspective of different departments, and you’re surely going through multiple iterations to create that report. That takes time and effort. By strengthening your data governance framework, you can streamline reporting processes by increasing the level of trust you have in the information you are seeking. Understanding the value of data governance is the easy part/ The real trick is implementing a sustainable data governance framework that recognizes that data is an institutional asset and not just a four-letter word.

Stay tuned for part two of this blog series: The how of data governance in higher education. In the meantime, reach out to me if you would like to discuss additional data governance benefits for your institution.

Blog
Data is a four-letter word. Governance is not.

In auditing, the concept of professional skepticism is ubiquitous. Just as a Jedi in Star Wars is constantly trying to hone his understanding of the “force”, an auditor is constantly crafting his or her ability to apply professional skepticism. It is professional skepticism that provides the foundation for decision-making when conducting an attestation engagement.

A brief definition

The professional standards define professional skepticism as “an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.” Given this definition, one quickly realizes that professional skepticism can’t be easily measured. Nor is it something that is cultivated overnight. It is a skill developed over time and a skill that auditors should constantly build and refine.

Recently, the extent to which professional skepticism is being employed has gained a lot of criticism. Specifically, regulatory bodies argue that auditors are not skeptical enough in carrying out their duties. However, as noted in the white paper titled Scepticism: The Practitioners’ Take, published by the Institute of Chartered Accountants in England and Wales, simply asking for more skepticism is not a practical solution to this issue, nor is it necessarily always desirable. There is an inevitable tug of war between professional skepticism and audit efficiency. The more skeptical the auditor, typically, the more time it takes to complete the audit.

Why does it matter? Audit quality.

First and foremost, how your auditor applies professional skepticism to your audit directly impacts the quality of their service. Applying an appropriate level of professional skepticism enhances the likelihood the auditor will understand your industry, lines of business, business processes, and any nuances that make your company different from others, as it naturally causes the auditor to ask questions that may otherwise go unasked.

These questions not only help the auditor appropriately apply professional standards, but also help the auditor gain a deeper understanding of your business. This will enable the auditor to provide insights and value-added services an auditor who doesn’t apply the right degree of skepticism may never identify.

Therefore, as the white paper notes, audit committees, management, and investors should be asking “How hard do our auditors get pushed on fees, and what effect does that have on the quality of the audit?” If your auditor is overly concerned with completing the audit within a fixed time budget, professional skepticism and, ultimately, the quality of the audit, may suffer.

Applying skepticism internally

By its definition, professional skepticism is a concept that specifically applies to auditors, and is not on point when it comes to other audit stakeholders. This is because the definition implies that the individual applying professional skepticism is independent from the information he or she is analyzing. Other audit stakeholders, such as members of management or the board of directors, are naturally advocates for the organizations they manage and direct and therefore can’t be considered independent, whereas an auditor is required to remain independent.

However, rather than audit stakeholders applying professional skepticism as such, these other stakeholders should apply an impartial and diligent mindset to their work and the information they review. This allows the audit stakeholder to remain an advocate for his or her organization, while applying critical skills similar to those applied in the exercise of professional skepticism. This nuanced distinction is necessary to maintain the limited scope to which the definition of professional skepticism applies: the auditor.

Specific to the financial statement reporting function, these stakeholders should be assessing the financial statements and ask questions that can help prevent or detect flaws in the financial reporting process. For example, when considering significant estimates, management should ask: are we considering all relevant information? Are our estimates unbiased? Are there alternative accounting treatments we haven’t considered? Can we justify our selected accounting treatment? Essentially, management should start by asking itself: what questions would we expect our auditor to ask us?

It is also important to be critical of your own work, and never become complacent. This may be the most difficult type of skepticism to apply, as most of us do not like to have our work criticized. However, critically reviewing one’s own work, essentially as an informal first level of review, will allow you to take a step back and consider it from a different vantage point, which may in turn help detect errors otherwise left unnoticed. Essentially, you should both consider evidence that supports the initial conclusion and evidence that may be contradictory to that conclusion.

The discussion in auditing circles about professional skepticism and how to appropriately apply it continues. It is a challenging notion that’s difficult to adequately articulate. Although it receives a lot of attention in the audit profession, it is a concept that, slightly altered, can be of value to other audit stakeholders. Doing so will help you create a stronger relationship with your auditor and, ultimately, improve the quality of the financial reporting process—and resulting outcome.

Blog
Professional skepticism and why it matters to audit stakeholders

As a new year is upon us, many people think about “out with the old and in with the new”. For those of us who think about technology, and in particular, blockchain technology, the new year brings with it the realization that blockchain is here to stay (at least in some form). Therefore, higher education leaders need to familiarize themselves with some of the technology’s possible uses, even if they don’t need to grasp the day-to-day operational requirements. Here’s a high-level perspective of blockchain to help you answer some basic questions.

Are blockchain and bitcoin interchangeable terms?

No they aren’t. Bitcoin is an electronic currency that uses blockchain technology, (first developed circa 2008 to record bitcoin transactions). Since 2008, many companies and organizations utilize blockchain technology for a multitude of purposes.

What is a blockchain?

In its simplest terms, a blockchain is a decentralized, digital list (“chain”) of timestamped records (“blocks”) that are connected, secured by cryptography, and updated by participant consensus.

What is cryptography?

Cryptography refers to converting unencrypted information into encrypted information—and vice versa—to both protect data and authenticate users.

What are the pros of using blockchain?

Because blockchain technology is inherently decentralized, you can reduce the need for “middleman” entities (e.g., financial institutions or student clearinghouses). This, in turn, can lower transactional costs and other expenses, and cybersecurity risks—as hackers often like to target large, info-rich, centralized databases.

Decentralization removes central points of failure. In addition, blockchain transactions are generally more secure than other types of transactions, irreversible, and verifiable by the participants. These transaction qualities help prevent fraud, malware attacks, and other risks and issues prevalent today.

What are the cons of using blockchain technology?

Each blockchain transaction requires signature verification and processing, which can be resource-intensive. Furthermore, blockchain technology currently faces strong opposition from certain financial institutions for a variety of reasons. Finally, although blockchains offer a secure platform, they are not impervious to cyberattacks. Blockchain does not guarantee a hacker-proof environment.

How can blockchain benefit higher education institutions?

Blockchain technology can provide higher education institutions with a more secure way of making and recording financial transactions. You can use blockchains to verify and transfer academic credits and certifications, protect student personal identifiable information (PII) while simultaneously allowing students to access and transport their PII, decentralize academic content, and customize learning experiences. At its core, blockchain provides a fresh alternative to traditional methods of identity verification, an ongoing challenge for higher education administration.

As blockchain becomes less of a buzzword and begins to expand beyond the realm of digital currency, colleges and universities need to consider it for common challenges such as identity management, application processing, and student credentialing. If you’d like to discuss the potential benefits blockchain technology provides, please contact me.

Blog
Higher education and blockchain 101: It's not just for bitcoin anymore

Good fundraising and good accounting do not always seamlessly align. While they all feed the same mission, fundraisers work to meet revenue goals while accountants focus on recording transactions in compliance with accounting standards. We often see development department totals reported to boards that are not in line with annual financial statements, causing confusion and concern. To bridge this information gap, here are five accounting concepts every not-for-profit fundraiser should know:

1.

GAAP Accounting: Generally Accepted Accounting Principles (GAAP) refers to a common set of accounting standards and procedures. There are as many ways for a donor to structure a gift as there are donors?GAAP provides a common foundation for when and how you should record these gifts.

2.

Pledges: Under GAAP, if there is a true, unconditional “promise to give,” you should record the total pledge as revenue in the current year (with a little present value discounting thrown in the mix for payments expected in future periods). A conditional pledge relies on a specific event happening in the future (think matching gift) and is not considered revenue until that condition is met. (See more on pledges and matching gifts here.) 

3.

Intentions: We sometimes see donors indicating they “intend” to donate a certain amount in the future. An intention on its own is not considered a true unconditional promise under GAAP, and isn’t recorded as revenue. This has a big impact with planned giving as we often see bequests recorded as revenue by the development department in the year the organization is named in the will of the donor—while the accounting guidance specifically identifies bequests as intentions to give that would generally not be recorded by the finance team until the will has been declared valid by the probate court.

4.

Restrictions: Donors often impose restrictions on some contributions, limiting the use of that gift to a specific time, program, or purpose. Usually, a gift like this arrives with some explicit communication from donors, noting how they want to apply the gift. A gift can also be considered restricted to a specific project if it is made in direct response to a solicitation for that project. The donor restriction does not generally determine when to record the gift but how to record it, as these contributions are tracked separately.

5. Gifts vs. Exchange: New accounting guidance has been released that provides more clarity on when a gift or grant is truly a contribution and when it might be an exchange transaction. Contact us if you have any questions.


Understanding the differences in how the development department and finance department track these gifts will allow for better reporting to the board throughout the year—and fewer surprises when you present financial statements at the end of the year. Stay tuned for parts two and three of our contribution series. Have questions? Please contact Emily Parker of Sarah Belliveau.

 

Blog
Accounting 101 for development directors: Five things to know

Cloud services are becoming more and more omnipresent, and rapidly changing how companies and organizations conduct their day-to-day business.

Many higher education institutions currently utilize cloud services for learning management systems (LMS) and student email systems. Yet there are some common misunderstandings and assumptions about cloud services, especially among higher education administrative leaders who may lack IT knowledge. The following information will provide these leaders with a better understanding of cloud services and how to develop a cloud services strategy.

What are cloud services?

Cloud services are internet-based technology services provided and/or hosted by offsite vendors. Cloud services can include a variety of applications, resources, and services, and are designed to be easily scalable, cost effective, and fully managed by the cloud services vendor.

What are the different types?

Cloud services are generally categorized by what they provide. Today, there are four primary types of cloud services:

Cloud Service Types 

Cloud services can be further categorized by how they are provided:

  1. Private cloud services are dedicated to only one client. Security and control is the biggest value for using a private cloud service.
  2. Public cloud services are shared across multiple clients. Cost effectiveness is the best value of public cloud services because resources are shared among a large number of clients.
  3. Hybrid cloud services are combinations of on-premise software and cloud services. The value of hybrid cloud services is the ability to adopt new cloud services (private or public) slowly while maintaining on-premise services that continue to provide value.

How do cloud services benefit higher education institutions?

Higher education administrative leaders should understand that cloud services provide multiple benefits.
Some examples:

Cloud-Services-for-Higher-Education


What possible problems do cloud services present to higher education institutions?

At the dawn of the cloud era, many of the problems were technical or operational in nature. As cloud services have become more sophisticated, the problems have become more security and business related. Today, higher education institutions have to tackle challenges such as cybersecurity/disaster recovery, data ownership, data governance, data compliance, and integration complexities.

While these problems and questions may be daunting, they can be overcome with strong leadership and best-practice policies, processes, and controls.

How can higher education administrative leaders develop a cloud services strategy?

You should work closely with IT leadership to complete this five-step planning checklist to develop a cloud services strategy: 

1. 

Identify new services to be added or consolidated; build a business case and identify the return on investment (ROI) for moving to the cloud, in order to answer:

• 

What cloud services does your institution already have?

• 

What cloud services does your institution already have?

• 

What services should you consider replacing with cloud services, and why?

• 

How are data decisions being made?

2. 

Identify design, technical, network, and security requirements (e.g., private or public; are there cloud services already in place that can be expanded upon, such as a private cloud service), in order to answer:

• 

Is your IT staff ready to migrate, manage, and support cloud services?

• 

Do your business processes align with using cloud services?

• 

Do cloud service-provided policies align with your institution’s security policies?

• 

Do you have the in-house expertise to integrate cloud services with existing on-premise services?

3. 

Decide where data will be stored; data governance (e.g., on-premise, off-premise data center, cloud), in order to answer:

• 

Who owns the data in the institution’s cloud, and where?

• 

Who is accountable for data decisions?

4. 

Integrate with current infrastructure; ensure cloud strategy easily allows scalability for expansion and additional services, in order to answer:

• 

What integration points will you have between on-premise and cloud applications or services, and can the institution easily implement, manage, and support them?

5. 

Identify business requirements — budget, timing, practices, policies, and controls required for cloud services and compliance, in order to answer:

• 

Will your business model need to change in order to support a different cost model for cloud services (i.e., less capital for equipment purchases every three to five years versus a steady monthly/yearly operating cost model for cloud services)?

• 

Does your institution understand the current state and federal compliance and privacy regulations as they relate to data?

• 

Do you have a contingency plan if its primary cloud services provider goes out of business?

• 

Do your contracts align with institutional, state, and federal guidelines?

Need assistance?

BerryDunn’s higher education team focuses on advising colleges and universities in improving services, reducing costs, and adding value. Our team is well qualified to assist in understanding the cloud “skyscape.” If your institution seeks to maximize the value of cloud services or develop a cloud services strategy, please contact me.

Blog
Cloud services 101: An almanac for higher education leaders

The late science fiction writer (and college professor) Isaac Asimov once said: “I do not fear computers. I fear the lack of them.” Had Asimov worked in higher ed IT management, he might have added: “but above all else, I fear the lack of computer staff.”

Indeed, it can be a challenge for higher education institutions to recruit and retain IT professionals. Private companies often pay more in a good economy, and in certain areas of the nation, open IT positions at colleges and universities outnumber available, qualified IT workers. According to one study from 2016, almost half of higher education IT workers are at risk of leaving the institutions they serve, largely for better opportunities and more supportive workplaces. Understandably, IT leadership fears an uncertain future of vacant roles—yet there are simple tactics that can help you improve the chances of filling open positions.

Emphasize the whole package

You need to leverage your institution’s strengths when recruiting IT talent. A focus on innovation, project leadership, and responsibility for supporting the mission of the institution are important attributes to promote when recruiting. Your institution should sell quality of life, which can be much more attractive than corporate culture. Many candidates are attracted to the energy and activity of college campuses, in addition to the numerous social and recreational outlets colleges provide.

Benefit packages are another strong asset for recruiting top talent. Schools need to ensure potential candidates know the amount of paid leave, retirement, and educational assistance for employees and employee family members. These added perks will pique the interest of many candidates who might otherwise have only looked at salary during the process.

Use the right job title

Some current school vacancies have very specific job titles, such as “Portal Administrator” or “Learning Multimedia Developer.” However, this specificity can limit visibility on popular job posting sites, reducing the number of qualified applicants. Job titles, such as “Web Developer” and “Java Developer,” can yield better search results. Furthermore, some current vacancies include a number or level after the job title (e.g., “System Administrator 2”), which also limits visibility on these sites. By removing these indicators, you can significantly increase the applicant pool.

Focus on service, not just technology

Each year, institutions deploy an increasing number of Software as a Service (SaaS) and hosted applications. As higher education institutions invest more in these applications, they need fewer personnel for day-to-day technology maintenance support. In turn, this allows IT organizations to focus limited resources on services that identify and analyze technology solutions, provide guidance to optimize technology investments, and manage vendor relationships. IT staff with soft skills will become even more valuable to your institution as they engage in more people- and process-centric efforts.

Fill in the future

It may seem like science fiction, but by revising your recruiting and retention tactics, your higher education institution can improve its chances of filling IT positions in a competitive job market. In a future blog, I’ll provide ideas for cultivating staff from your institution via student workers and upcoming graduates. If you’d like to discuss additional staffing tactics, send me an email.

Blog
No science fiction: Tactics for recruiting and retaining higher education IT positions

As a leader in a higher education institution, you'll be familiar with this paradox: Every solution can lead to more problems, and every answer can lead to more questions. It’s like navigating an endless maze. When it comes to mobile apps, the same holds true. So, the question: Should your institution have a mobile app? The Answer? Absolutely.

Devices, not computers, are how millenials communicate, gather, inform, and engage. Millennials, on average, spend 90 hours per month on mobile apps, not including web searches and website visits.

Students are no exception. A 2016 Nielsen study showed that 98% of millennials aged 18 – 24, and 97% of millennials aged 25 – 34, owned a smartphone, while a 2017 comScore report stated that one out of five millennials no longer use desktop devices, including laptops. Mobile apps have quickly filled the desktop void, and as students grow more reliant on mobile technology, colleges and universities are in the mix, creating apps to bolster student engagement.

So should you create an app? Here are some questions you should answer before creating a mobile app. Welcome to the labyrinth! But don’t be frustrated—answer these questions to help you avoid dead ends and overspending.

1. Is a mobile app part of your IT Strategy? Including a mobile app in your IT strategy minimizes confusion at all levels about the objectives of mobile app implementation. It also helps dictate whether an institution needs multiple mobile apps for various functions, or a primary app that connects users with other functionality. If an institution has multiple campuses, should you align all campuses with a single app, or if will each campus develop their own?

2. What will the app do? Mobile apps can perform a multitude of functions, but for the initial implementation, select a few key functions in one main area, such as academics or student life. Institutions can then add functionality in the future as mobile adoption grows, and demand for more functions increases.

3. Who will use the app? Mobile apps certainly improve engagement throughout the student life cycle—from prospect to student to alumni—but they also present opportunities for increased faculty, staff, and community engagement. And while institutions should identify the immediate audience of the app, they should also identify future users, based upon functionality.

4. Who will manage the app? Institutions should determine who is going to manage the mobile app, and how. The discussion should focus on access, content, and functionality. Is the institution going to manage everything in house, from development to release to support, or will a mobile app vendor provide this support under contract? Depending on your institution, these discussions will vary.

5. What data will the app use? Like any new software system, an app is only as good as its supporting data. It’s important to assess the systems to integrate with the mobile app, and determine if the systems’ data is up-to-date and ready for integration. Consider the use of application program interfaces, or APIs. APIs allow apps and platforms to interact with one another. They can enable social media, news, weather, and entertainment apps to connect with your institution’s app, enhancing the user experience with more content for users.

6. How much data security does your app need? Depending on the functionality of the app you create, you will need varying degrees of security, including user authentication safeguards and other protections to keep information safe.

7. How much can you spend for the app? Your institution should decide how much you will spend on initial app development, with an eye toward including maintenance and development costs for future functionality. Complexity increases costs, so you will need to  budget accordingly. Include budget planning for updates and functionality improvements after launch.

You will also need to establish a timeline for the project and roll out. And note that apps deployed toward the end of the academic year experience less adoption than apps deployed at the beginning of the academic year.

Once your institution answers these questions, you will be off to a good start. And as I stated earlier, every answer to a question can lead to more questions. If your institution needs help navigating the mobile app labyrinth, please reach out to me

Blog
The mobile app labyrinth: Seven questions higher education institutions should ask

As we begin the second year of Uniform Guidance, here’s what we’ve learned from year one, and some strategies you can use to approach various challenges, all told from a runner's point of view.

A Runner’s Perspective

As I began writing this article, the parallels between strategies that I use when competing in road races — and the strategies that we have used in navigating the Uniform Guidance — started to emerge. I’ve been running competitively for six years, and one of the biggest lessons I’ve learned is that implementing real-time adjustments to various challenges that pop up during a race makes all the difference between crossing — or falling short of — the finish line. This lesson also applies to implementing Uniform Guidance. On your mark, get set, go!

Challenge #1: Unclear Documentation

Federal awarding agencies have been unclear in the documentation within original awards, or funding increments, making it hard to know which standards to follow: the previous cost circulars, or the Uniform Guidance?

Racing Strategy: Navigate Decision Points

Take the time to ask for directions. In a long race, if you’re apprehensive about what’s ahead, stop and ask a volunteer at the water station, or anywhere else along the route.

If there is a question about the route you need to take in order to remain compliant with the Uniform Guidance, it’s your responsibility to reach out to the respective agency single audit coordinators or program officials. Unlike in a race, where you have to ask questions on the fly, it’s best to document your Uniform Guidance questions and answers via email, and make sure to retain your documentation.  Taking the time to make sure you’re headed in the right direction will save you energy, and lost time, in the long run.    

Challenge #2: Subrecipient Monitoring

The responsibilities of pass-through entities (PTEs) have significantly increased under the Uniform Guidance with respect to subaward requirements. Under OMB Circular A-133, the guidance was not very explicit on what monitoring procedures needed to be completed with regard to subrecipients. However, it was clear that monitoring to some extent was a requirement.

Racing Strategy: Keep a Healthy Pace

Take the role of “pacer” in your relationships with subrecipients. In a long-distance race, pacers ensure a fast time and avoid excessive tactical racing. By taking on this role, you can more efficiently fulfill your responsibilities under the Uniform Guidance.

Under the Uniform Guidance, a PTE must:

  • Perform risk assessments on its subrecipients to determine where to devote the most time with its monitoring procedures.
  • Provide ongoing monitoring, which includes site visits, provide technical assistance and training as necessary, and arrange for agreed-upon procedures to the extent needed.
  • Verify subrecipients have been audited under Subpart F of the Uniform Guidance, if they meet the threshold.
  • Report and follow up on any noncompliance at the subrecipient level.
  • The time you spend determining the energy you need to expend, and the support you need to lend to your subrecipients will help your team perform at a healthy pace, and reach the finish line together.

Challenge #3: Procurement Standards

The procurement standards within the Uniform Guidance are similar to those under OMB Circular A-102, which applied to state and local governments. They are likely to have a bigger impact on those entities that were subject to OMB Circular A-110, which applied to higher education institutions, hospitals, and other not-for-profit organizations.

Racing Strategy: Choose the Right Equipment

Do your research before procuring goods and services. In the past, serious runners had limited options when it came to buying new shoes and food to boost energy. With the rise of e-commerce, we can now purchase everything faster and cheaper online than we can at our local running store. But is this really an improvement?

Under A-110, we were guided to make prudent decisions, but the requirements were less stringent. Now, under Uniform Guidance, we must follow prescribed guidelines.

Summarized below are some of the differences between A-110 and the Uniform Guidance:

A-110 UNIFORM GUIDANCE
Competition
Procurement transaction shall be conducted in a manner to provide, to the maximum extent practical, open and free competition.
Competition
Procurement transaction must be conducted in a manner providing full and open competition consistent with the standards of this section.
 
Procurement
Organizations must establish written procurement procedures, which avoid purchasing unnecessary items, determine whether lease or purchase is most economical and practical, and in solicitation provide requirements for awards.
Procurement
Organizations must use one of the methods provided in this section:
  1. Procurement by Micro Purchase (<$3,000)
  2. Procurement by Small Purchase Procedures (<$150,000)
  3. Procurement by Sealed Bids
  4. Procurement by Competitive Proposal
  5. Procurement by Noncompetitive Proposal

While the process is more stringent under the Uniform Guidance, you still have the opportunity to choose the vendor or product best suited to the job. Just make sure you have the documentation to back up your decision.

A Final Thought
Obviously, this article is not an all-inclusive list of the changes reflected in the Uniform Guidance. Yet we hope that it does provide direction as you look for new grant awards and revisit internal policies and procedures.

And here’s one last tip: Do you know the most striking parallel that I see between running a race and implementing the Uniform Guidance? The value of knowing yourself.

It’s important to know what your challenges are, and to have the self-awareness to see when and where you will need help. And if you ever need someone to help you navigate, set the pace, or provide an objective perspective on purchasing equipment, let us know. We’re with you all the way to the finish line.

Grant Running.jpg

Blog
A runner's guide to Uniform Guidance, year two